CVE-2009-1918Code Injection in Microsoft Internet Explorer

CWE-94Code Injection5 documents3 sources
Severity
10.0CRITICALNVD
EPSS
60.2%
top 1.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedJul 29
Latest updateMar 30

Description

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method,

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-2qfw-pxqf-m278: Microsoft Internet Explorer 52022-05-02

📄Research Papers

3
arXiv
URSID: Using formalism to Refine attack Scenarios for vulnerable Infrastructure Deployment2023-03-30
arXiv
Stochastic Simulation Techniques for Inference and Sensitivity Analysis of Bayesian Attack Graphs2021-03-18
arXiv
Cyclic Bayesian Attack Graphs: A Systematic Computational Approach2020-05-13
CVE-2009-1918 — Code Injection in Microsoft | cvebase