Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3019Code Injection in Microsoft Internet Explorer

CWE-94Code Injection3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
7.2%
top 8.41%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedAug 31
Latest updateMay 2

Description

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

1
GHSA
GHSA-6wjh-6xpp-x5j3: Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (appli2022-05-02

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - JavaScript SetAttribute Remote Crash2009-08-18
CVE-2009-3019 — Code Injection in Microsoft | cvebase