Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1140Sensitive Information Exposure in Microsoft Internet Explorer

CWE-200Sensitive Information Exposure8 documents4 sources
Severity
9.3CRITICALNVD
NVD7.1NVD4.3
EPSS
61.3%
top 1.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft Internet ExplorerMicrosoft Windows Vista
Timeline
PublishedJun 10
Latest updateMay 2

Description

Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:N/A:NExploitability: 8.6 | Impact: 6.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

3
GHSA
GHSA-mh3v-wwhj-j4pq: Microsoft Internet Explorer 52022-05-02
GHSA
GHSA-93vc-2h9g-v2wq: Microsoft Internet Explorer 52022-05-02
GHSA
GHSA-7vfc-h53m-93j3: Microsoft Internet Explorer 52022-05-02

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - Cached Content Cross Domain Information Disclosure2009-06-09

💬Community

1
Bugzilla
CVE-2016-4553 squid: Cache poisoning issue in HTTP Request handling2016-05-09
CVE-2009-1140 — Sensitive Information Exposure | cvebase