cbcvebase.
CVE-2009-1547
published 2009-10-14

CVE-2009-1547: Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream…

PriorityP264high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
37.44%
98.3th percentile
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

Affected

4 ranges
VendorProductVersion rangeFixed in
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer
microsoftinternet_explorer

Detection & IOCsextracted from sources · hover to see the quote

  • ·Vulnerability is unspecified at the memory-corruption level; the two crafted HTTP reply patterns are the only known concrete triggers. Detection should focus on network-level anomalies in HTTP response headers rather than host-based indicators.
  • ·Failed exploitation may only produce a denial-of-service condition rather than code execution, so crashes/hangs of iexplore.exe after fetching deflate-encoded content should also be treated as suspicious.

CVSS provenance

nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.