CVE-2009-1547
Published: 2009-10-14
Priority P264 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H
EXPLOIT
EPSS: 37.44% (98.3th percentile)
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs
- Vulnerability is unspecified at the memory-corruption level; the two crafted HTTP reply patterns are the only known concrete triggers. Detection should focus on network-level anomalies in HTTP response headers rather than host-based indicators.
- Failed exploitation may only produce a denial-of-service condition rather than code execution, so crashes/hangs of iexplore.exe after fetching deflate-encoded content should also be treated as suspicious.
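One way to implement the network-level check described in the notes above, as an added example that is not part of this page's sources: a strict validator for the head of a captured HTTP response that reports framing anomalies only when `Content-Encoding: deflate` is present. The function name, the anomaly labels and the benign sample are assumptions made for illustration; the two malformed samples are the reply patterns quoted in the Exploit-DB entries on this page.

```python
import re
import zlib

# RFC 7230 status-line: HTTP-version SP 3-digit-status SP reason-phrase (strict form)
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3} [\t \x21-\x7e\x80-\xff]*$")

def inspect_response(raw: bytes) -> list[str]:
    """Return anomaly labels for one raw HTTP response; [] if nothing to report."""
    # The head ends at the first blank line. Bare-LF framing is tolerated here so
    # that malformed replies are still analysed instead of being skipped.
    end = re.search(rb"\r?\n[ \t\r]*\n", raw)
    head = raw[: end.start()] if end else raw
    framed = raw[: end.end()] if end else raw
    lines = re.split(rb"\r?\n", head)

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    # Scope: the page ties the issue to deflate content encoding only.
    if b"deflate" not in headers.get(b"content-encoding", b"").lower():
        return []

    findings = []
    if not STATUS_LINE.match(lines[0]):
        findings.append("malformed-status-line")
    if re.search(rb"(?<!\r)\n", framed):
        findings.append("bare-lf-line-ending")
    if headers.get(b"content-range") == b"":
        findings.append("empty-content-range")
    return findings

# Samples: the first two are the reply patterns quoted on this page; the third
# is a constructed, well-formed response used as a negative control.
SAMPLES = {
    "pattern-1": b"HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20",
    "pattern-2": b"HTTP \nContent-Encoding:deflate\nContent-Range:\n\n",
    "benign": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
              b"Content-Encoding: deflate\r\n\r\n" + zlib.compress(b"<html></html>"),
}

def scan(samples: dict) -> dict:
    """Map each sample name to its list of anomaly labels."""
    return {name: inspect_response(raw) for name, raw in samples.items()}

if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name}: {findings or 'clean'}")
```

Strict status-line matching will also flag sloppy but harmless servers, so in a sensor the labels are better treated as triage signals to correlate with iexplore.exe crashes than as a verdict on their own.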
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
No detection rules found.
Exploit-DB
Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054)
exploitdb·2009-10-15·CVSS 8.8
---
MSIE Content-Encoding: deflate memory corruption vulnerability
(a.k.a. MSRC 8769, MS09-054, CVE-2009-1547, “Data Stream Header Corruption Vulnerability”)
Microsoft fixed a bug in Internet Explorer’s “Content-Encoding:deflate” implementation. Here are two HTTP replies that trigger the bug:
HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20
HTTP \nContent-Encoding:deflate\nContent-Range:\n\n”
The bug allows memory corruption, which can be exploited to execute arbitrary code. The big surprise (to me at least) is that nobody seems to have found this before even though it’s fairly easy to trigger.
Exploit-DB
Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution
exploitdb·2009-10-13
---
source: https://www.securityfocus.com/bid/36622/info
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.
HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20
HTTP \nContent-Encoding:deflate\nContent-Range:\n\n”
No writeups or analysis indexed.
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6454