CVE-2009-1140
published 2009-06-10

CVE-2009-1140: Microsoft Internet Explorer "Cross-Domain Information Disclosure Vulnerability"

Priority: P3 (39)
CVSS 2.0 base score: 7.1 (High)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:N/A:N (network access, medium complexity, no authentication; complete confidentiality impact with no integrity or availability impact, which is consistent with an information-disclosure bug)
Exploit: public exploit available (see Detection & IOCs below)
EPSS: 24.76% (97.6th percentile)
Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

Affected (5 ranges)

Vendor      Product             Version range   Fixed in
microsoft   internet_explorer
microsoft   internet_explorer
microsoft   internet_explorer
microsoft   internet_explorer
microsoft   windows_vista
(Version range and fixed-in values were not captured; the affected IE/OS combinations are those listed in the description above.)

Detection & IOCs (extracted from sources)

Source URL: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/33024.zip
  • The vulnerability is IE rendering cached content as HTML across domains; monitor for IE processes accessing cached content from a different origin or security zone (e.g. local files read from a remote-domain browser context).
  • Exploitation may manifest as IE accessing local files or content from a different domain or security zone; alert on cross-zone resource reads within Internet Explorer. Note that zone and origin decisions are made inside the browser, so OS-level telemetry will at most show iexplore.exe reading files from its own cache directory, which is also normal behaviour; such reads are a weak signal on their own.
  • Affected versions are narrowly scoped: IE 5.01 SP4, IE 6 SP1, IE 6 and 7 for Windows XP SP2/SP3, IE 6 and 7 for Server 2003 SP2, IE 7 for Vista Gold/SP1/SP2, and IE 7 for Server 2008 SP2. Detection and patch-verification effort should be scoped to these version/OS combinations.
  • The exploitation vector is described as "unspecified": no specific HTTP parameters, headers, or markup patterns are publicly documented, which limits precise signature-based detection.
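Because the vector is unspecified, the practical control is scoping: find the hosts whose IE build and OS pair is in the list above and confirm their patch status. The following is an added example written for this page, not code from the page, the exploit archive or Microsoft. It encodes the IE/OS combinations named in the CVE description as rules and runs them over a host inventory; the CSV inventory format (host,os,ie_version), the OS naming (the advisory's wording, with "Gold" treated as SP0) and the sample hosts are assumptions for this example.

```python
# Scoping check for CVE-2009-1140 against a host inventory (added example; not
# from the page or from Microsoft).  Encodes the IE/OS combinations named in the
# CVE description and flags inventory records inside that scope, so hunting or
# patch verification is limited to hosts that can actually be affected.
# The inventory format (host,os,ie_version CSV) is an assumption for this example.
import csv
import io
import re

# (IE version prefix, IE service pack or None, OS name or None, allowed OS SPs or None)
# None means the CVE description does not constrain that field.
AFFECTED = [
    ("5.01", 4, None, None),                   # IE 5.01 SP4 (no OS named in the description)
    ("6", 1, None, None),                      # IE 6 SP1    (no OS named in the description)
    ("6", None, "windows xp", {2, 3}),
    ("7", None, "windows xp", {2, 3}),
    ("6", None, "windows server 2003", {2}),
    ("7", None, "windows server 2003", {2}),
    ("7", None, "windows vista", {0, 1, 2}),   # "Gold" is treated as SP0 (assumption)
    ("7", None, "windows server 2008", {2}),
]

_SP_RE = re.compile(r"\bSP(\d+)\b", re.IGNORECASE)
_VER_RE = re.compile(r"(\d+)(?:\.(\d+))?")


def parse_os(os_string):
    """'Windows XP SP3' -> ('windows xp', 3); 'Windows Vista' -> ('windows vista', 0).
    OS names must use the advisory's wording (edition suffixes are not normalised)."""
    m = _SP_RE.search(os_string)
    sp = int(m.group(1)) if m else 0
    name = " ".join(_SP_RE.sub("", os_string).split()).lower()
    return name, sp


def parse_ie(ie_string):
    """'7.0.5730.13' -> ('7', '0', None); '5.01 SP4' -> ('5', '01', 4)."""
    m = _VER_RE.match(ie_string.strip())
    if not m:
        raise ValueError(f"unparseable IE version: {ie_string!r}")
    sp = _SP_RE.search(ie_string)
    return m.group(1), m.group(2) or "0", (int(sp.group(1)) if sp else None)


def _ie_matches(prefix, major, minor):
    parts = prefix.split(".")
    return parts[0] == major and (len(parts) == 1 or parts[1] == minor)


def in_affected_scope(ie_string, os_string):
    """True if this IE build / OS pair is one the CVE description lists as affected."""
    major, minor, ie_sp = parse_ie(ie_string)
    os_name, os_sp = parse_os(os_string)
    for prefix, rule_ie_sp, rule_os, rule_os_sps in AFFECTED:
        if not _ie_matches(prefix, major, minor):
            continue
        if rule_ie_sp is not None and ie_sp != rule_ie_sp:
            continue
        if rule_os is not None and os_name != rule_os:
            continue
        if rule_os_sps is not None and os_sp not in rule_os_sps:
            continue
        return True
    return False


def triage(inventory_csv):
    """Return the hostnames from a host,os,ie_version CSV that fall in scope."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [row["host"] for row in reader if in_affected_scope(row["ie_version"], row["os"])]


# Constructed sample inventory for this example (not real hosts).
INVENTORY = """\
host,os,ie_version
ws-01,Windows XP SP3,7.0.5730.13
ws-02,Windows XP SP3,8.0.6001.18702
srv-03,Windows Server 2003 SP2,6.0.3790.3959
srv-04,Windows Server 2008 SP1,7.0.6001.18000
lt-05,Windows Vista,7.0.6000.16386
old-06,Windows 2000 SP4,5.01 SP4
"""

if __name__ == "__main__":
    print(triage(INVENTORY))   # ['ws-01', 'srv-03', 'lt-05', 'old-06']
```

A host outside the result is simply not in the scope this CVE description lists (IE 8, or Server 2008 SP1, in the sample); it says nothing about other CVEs on the same host. Because the Fixed-in column was not captured on this page, hosts that are in scope still need their update state checked separately rather than being assumed vulnerable.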