Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2009-0075 — Code Injection in Microsoft Internet Explorer
Severity
9.3CRITICALNVD
EPSS
86.9%
top 0.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedFeb 10
Latest updateMay 2
Description
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages1 packages
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-84pr-v9rf-j48h: Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arb↗2022-05-02
💥Exploits & PoCs
7Exploit-DB▶
Microsoft Internet Explorer 7 - CFunctionPointer Uninitialized Memory Corruption (MS09-002) (Metasploit)↗2010-07-12
Exploit-DB
▶
🕵️Threat Intelligence
8Unit42▶
Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7↗2018-09-05