CVE-2009-1917 : Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Expl

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Published 2009-07-29 17:30:01

Updated 2023-12-07 18:38:57

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2009-1917

Probability of exploitation activity in the next 30 days: 92.79%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-1917

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-1917

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-1917

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072

404 Not Found
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034

Microsoft Security Bulletin MS09-034 - Critical | Microsoft Learn

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/2033

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA09-195A.html

Microsoft Updates for Multiple Vulnerabilities | CISA
US Government Resource

CVEs referencing this url
http://www.securitytracker.com/id?1022611

CVEs referencing this url
http://www.securityfocus.com/bid/35831

Products affected by CVE-2009-1917

Microsoft » Internet Explorer » Version: 5.01 Update SP4
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Internet Explorer » Version: 6 Update SP1
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows 2000 » Update SP4
Microsoft » Internet Explorer » Version: 6
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Xp » Update SP1
When used together with: Microsoft » Windows Xp » Update SP2 Professional X64 Edition
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP3
Microsoft » Internet Explorer » Version: 7
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Version: N/A X32 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 X86 Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Vista » Version: N/A X64 Edition
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP3
Microsoft » Internet Explorer » Version: 8
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows Server 2003 » Update SP2
When used together with: Microsoft » Windows Server 2008 » Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 Itanium Edition
When used together with: Microsoft » Windows Server 2008 » Update SP2 X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A X32 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A X64 Edition
When used together with: Microsoft » Windows Server 2008 » Version: N/A Update SP2 X86 Edition
When used together with: Microsoft » Windows Vista » Update SP1
When used together with: Microsoft » Windows Vista » Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2
When used together with: Microsoft » Windows Xp » Version: N/A Update SP2 X64 Edition
When used together with: Microsoft » Windows Xp » Version: N/A Update SP3

Vulnerability Details : CVE-2009-1917

Exploit prediction scoring system (EPSS) score for CVE-2009-1917

CVSS scores for CVE-2009-1917

CWE ids for CVE-2009-1917

References for CVE-2009-1917

Products affected by CVE-2009-1917