Vulnerability Details : CVE-2009-1531
Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
Vulnerability category: Memory CorruptionExecute code
Products affected by CVE-2009-1531
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Server 2003When used together with: Microsoft » Windows Server 2008When used together with: Microsoft » Windows Vista
Exploit prediction scoring system (EPSS) score for CVE-2009-1531
69.56%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1531
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2009-1531
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2009-1531
-
http://osvdb.org/54950
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308
404 Not Found
-
http://www.securitytracker.com/id?1022350
GoDaddy Domain Name Search
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
Microsoft Security Bulletin MS09-019 - Critical | Microsoft Learn
-
http://www.zerodayinitiative.com/advisories/ZDI-09-039
ZDI-09-039 | Zero Day Initiative
-
http://www.securityfocus.com/bid/35234
-
http://www.securityfocus.com/archive/1/504216/100/0/threaded
-
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
Page Not Found | CISAUS Government Resource
-
http://www.vupen.com/english/advisories/2009/1538
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
Jump to