CVE-2009-2529Code Injection in Microsoft Internet Explorer

CWE-94Code Injection2 documents2 sources
Severity
8.1HIGHNVD
EPSS
22.6%
top 4.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedOct 14
Latest updateMay 2

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer4 versions+3

🔴Vulnerability Details

1
GHSA
GHSA-wm54-3xjp-vjmc: Microsoft Internet Explorer 52022-05-02
CVE-2009-2529 — Code Injection in Microsoft | cvebase