Vulnerability Details : CVE-2009-1530
Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
Vulnerability category: Memory CorruptionExecute code
Exploit prediction scoring system (EPSS) score for CVE-2009-1530
Probability of exploitation activity in the next 30 days: 94.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-1530
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-1530
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1530
-
http://osvdb.org/54949
-
http://www.securitytracker.com/id?1022350
GoDaddy Domain Name Search
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
Microsoft Security Bulletin MS09-019 - Critical | Microsoft Learn
-
http://www.securityfocus.com/archive/1/504209/100/0/threaded
-
http://www.zerodayinitiative.com/advisories/ZDI-09-038
ZDI-09-038 | Zero Day Initiative
-
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Page Not Found | CISAUS Government Resource
-
http://www.vupen.com/english/advisories/2009/1538
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294
404 Not Found
Products affected by CVE-2009-1530
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2003
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2003When used together with: Microsoft » Windows Server 2008When used together with: Microsoft » Windows Vista
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*