CVE-2009-3674
published 2009-12-09CVE-2009-3674: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that…
PriorityP267critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
26.26%
97.7th percentile
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck8.1HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mqh3-jqp8-83fg: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
ghsa_unreviewed·2022-05-13·CVSS 8.1
CVE-2010-2559 [HIGH] CWE-908 GHSA-mqh3-jqp8-83fg: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.
GHSA
GHSA-6xc6-38fw-mpv2: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
ghsa_unreviewed·2022-05-02·CVSS 8.1
CVE-2010-0246 [HIGH] CWE-94 GHSA-6xc6-38fw-mpv2: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0245.
GHSA
GHSA-3w8c-hmvh-m87g: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
ghsa_unreviewed·2022-05-02·CVSS 8.1
CVE-2009-3674 [HIGH] GHSA-3w8c-hmvh-m87g: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
GHSA
GHSA-533f-24pj-cvj8: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-3671 [CRITICAL] CWE-416 GHSA-533f-24pj-cvj8: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
GHSA
GHSA-589g-vgq7-8xv6: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
ghsa_unreviewed·2022-05-02·CVSS 8.1
CVE-2010-0245 [HIGH] CWE-94 GHSA-589g-vgq7-8xv6: Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an obje
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.
VulnCheck
Microsoft Internet Explorer Uninitialized Memory Corruption
vulncheck·2009·CVSS 8.1
CVE-2009-3674 [HIGH] Microsoft Internet Explorer Uninitialized Memory Corruption
Microsoft Internet Explorer Uninitialized Memory Corruption
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
Affected: Microsoft Internet Explorer
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://cisa.gov/news-events/alerts/2015/04/29/top-30-targeted-high-risk-vulnerabilities; https://www.us-cert.gov/ncas/alerts/TA15-119A
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securitytracker.com/id?1023293http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570http://www.securitytracker.com/id?1023293http://www.us-cert.gov/cas/techalerts/TA09-342A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6570
2009-12-09
Published
Exploited in the wild