CVE-2009-2954Improper Input Validation in Microsoft Internet Explorer

CWE-20Improper Input Validation2 documents2 sources
Severity
5.0MEDIUMNVD
EPSS
13.7%
top 5.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 24
Latest updateMay 2

Description

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer6.0.2900.2180+61

🔴Vulnerability Details

1
GHSA
GHSA-h7qr-2r4v-9236: Microsoft Internet Explorer 62022-05-02
CVE-2009-2954 — Improper Input Validation in Microsoft | cvebase