CVE-2009-1920
published 2009-09-08CVE-2009-1920: The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts…
PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
21.51%
97.3th percentile
The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
http://www.us-cert.gov/cas/techalerts/TA09-251A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316http://www.us-cert.gov/cas/techalerts/TA09-251A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316
2009-09-08
Published