Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0076Out-of-bounds Write in Microsoft Internet Explorer

CWE-3996 documents3 sources
Severity
9.3CRITICALNVD
EPSS
58.5%
top 1.79%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedFeb 10
Latest updateMay 2

Description

Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-r3mx-8m92-cr4r: Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conju2022-05-02

💥Exploits & PoCs

4
Exploit-DB
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)2009-03-04
Exploit-DB
Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)2009-02-20
Exploit-DB
Microsoft Internet Explorer 7 (Windows 2003 SP2) - Memory Corruption (MS09-002)2009-02-20
Exploit-DB
Microsoft Internet Explorer 7 - Memory Corruption (MS09-002)2009-02-20
CVE-2009-0076 — Out-of-bounds Write in Microsoft | cvebase