CVE-2009-3019

2009-08-3116:30:09

CWE-94

mitre

web.nvd.nist.gov

cve-2009-3019

microsoft

internet explorer

windows

vista

denial of service

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.9

Confidence

High

EPSS

0.461

Percentile

97.5%

JSON

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

Affected configurations

Nvd

Node

microsoftinternet_explorerMatch6

AND

microsoftwindows_xpsp2

microsoftwindows_xpsp3

Node

microsoftinternet_explorerMatch7

AND

microsoftwindows_vista

VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_explorer	6	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	internet_explorer	7	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
microsoft	windows_vista	*	cpe:2.3:o:microsoft:windows_vista::::::::