CVE-2009-1528 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Internet Explorer

CWE-399 CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

69.5%

top 1.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Explorer

Timeline

PublishedJun 10

Latest updateMay 2

Description

Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/internet_explorer6, 7+1

🔴Vulnerability Details

GHSA

GHSA-jv6v-hc3c-59cq: Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2↗2022-05-02

▶

📐Framework References

CWE

Improper Restriction of Operations within the Bounds of a Memory Buffer↗

▶