CVE-2009-1532

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/54951	Broken Link
http://www.securityfocus.com/archive/1/504208/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1022350	Broken Link Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-160A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2009/1538	Broken Link Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-041	Broken Link Third Party Advisory VDB Entry
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_server_2003:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:-::::-::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-::::-::x86:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:*
	cpe:2.3:o:microsoft:windows_vista:-:-::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp1::::::
	cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:::professional::x64:
	cpe:2.3:o:microsoft:windows_xp:-:sp3::::::

History

09 Feb 2024, 03:22

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::* cpe:2.3:o:microsoft:windows_server_2008::sp2:x64::::: cpe:2.3:o:microsoft:windows_server_2003::sp2::::::* cpe:2.3:o:microsoft:windows_vista:sp1:::::::* cpe:2.3:o:microsoft:windows_server_2008:::x64:::::* cpe:2.3:o:microsoft:windows_vista:::x64:::::* cpe:2.3:o:microsoft:windows_vista:gold:::::::* cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::* cpe:2.3:o:microsoft:windows_vista:sp2:::::::* cpe:2.3:o:microsoft:windows_xp:sp3:::::::* cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:::::* cpe:2.3:o:microsoft:windows_xp:-:::::::*	cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x86:* cpe:2.3:o:microsoft:windows_vista:-:-:::::: cpe:2.3:o:microsoft:windows_xp:-:sp3:::::: cpe:2.3:o:microsoft:windows_vista:-:sp2:::::: cpe:2.3:o:microsoft:windows_server_2008:-:sp2:::::x64:* cpe:2.3:o:microsoft:windows_xp:-:sp2:::professional::x64: cpe:2.3:o:microsoft:windows_server_2008:-::::-::x86:* cpe:2.3:o:microsoft:windows_server_2003:-:sp2:::::: cpe:2.3:o:microsoft:windows_server_2008:-::::-::x64:* cpe:2.3:o:microsoft:windows_vista:-:sp1:::::: cpe:2.3:o:microsoft:windows_xp:-:sp2::::::
References	~~() http://osvdb.org/54951 -~~	() http://osvdb.org/54951 - Broken Link
References	~~() http://www.securityfocus.com/archive/1/504208/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/504208/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id?1022350 -~~	() http://www.securitytracker.com/id?1022350 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.us-cert.gov/cas/techalerts/TA09-160A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA09-160A.html - Broken Link, Third Party Advisory, US Government Resource
References	~~() http://www.vupen.com/english/advisories/2009/1538 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2009/1538 - Broken Link, Vendor Advisory
References	~~() http://www.zerodayinitiative.com/advisories/ZDI-09-041 -~~	() http://www.zerodayinitiative.com/advisories/ZDI-09-041 - Broken Link, Third Party Advisory, VDB Entry
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 - Patch, Vendor Advisory
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244 - Broken Link
CWE	~~CWE-399~~	CWE-787

07 Dec 2023, 18:38

Type	Values Removed	Values Added
CPE	cpe:2.3:o:microsoft:windows_vista::sp2:x64::::: cpe:2.3:o:microsoft:windows_vista::sp1:x64:::::	cpe:2.3:o:microsoft:windows_vista::sp1::::::* cpe:2.3:o:microsoft:windows_vista::sp2::::::*

23 Jul 2021, 15:12

Type	Values Removed	Values Added
CPE	cpe:2.3:a:microsoft:ie:8:::::::*	cpe:2.3:a:microsoft:internet_explorer:8:::::::*

Information

Published : 2009-06-10 18:30

Updated : 2024-02-09 03:22

NVD link : CVE-2009-1532

Mitre link : CVE-2009-1532

CVE.ORG link : CVE-2009-1532

JSON object : View

Products Affected

microsoft

windows_vista
windows_server_2008
internet_explorer
windows_server_2003
windows_xp

CWE

CWE-787

Out-of-bounds Write

9.3 /10