Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2433

CWE-119Buffer Overflow4 documents4 sources
Severity
4.3MEDIUM
EPSS
18.1%
top 4.83%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedJul 10
Latest updateMay 2

Description

Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/internet_explorer8 versions+7
NVDmicrosoft/ie8.0b

🔴Vulnerability Details

2
GHSA
GHSA-qhcw-5j3h-wgx3: Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application2022-05-02
CVEList
CVE-2009-2433: Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application2009-07-10

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - 'AddFavorite' Remote Crash (PoC)2009-07-09
CVE-2009-2433 (MEDIUM CVSS 4.3) | Stack-based buffer overflow in the | cvebase.io