CVE-2009-1532
published 2009-06-10CVE-2009-1532: Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly…
PriorityP355high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
36.76%
98.3th percentile
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Out-of-bounds Write
mitre_cwe
CWE-787 Out-of-bounds Write
CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory, Execute Unauthorized Code or Commands. Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other. Impact: Unexpected State. Subsequent write operations can produce undefined or unexpected results.
Detection Methods:
Automated Static Analysis: This weakness can often be detected using automated s
CWE
Improper Restriction of Operations within the Bounds of a Memory Buffer
mitre_cwe
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Background: Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands, Modify Memory. If the memory accessible by the attacker can be effec
http://osvdb.org/54951http://www.securityfocus.com/archive/1/504208/100/0/threadedhttp://www.securitytracker.com/id?1022350http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlhttp://www.vupen.com/english/advisories/2009/1538http://www.zerodayinitiative.com/advisories/ZDI-09-041https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244http://osvdb.org/54951http://www.securityfocus.com/archive/1/504208/100/0/threadedhttp://www.securitytracker.com/id?1022350http://www.us-cert.gov/cas/techalerts/TA09-160A.htmlhttp://www.vupen.com/english/advisories/2009/1538http://www.zerodayinitiative.com/advisories/ZDI-09-041https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244
2009-06-10
Published