Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2009-1918
HistoryJul 29, 2009 - 5:30 p.m.

CVE-2009-1918

2009-07-2917:30:01
CWE-94
[email protected]
web.nvd.nist.gov
7

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka β€œHTML Objects Memory Corruption Vulnerability.”

Affected configurations

Nvd
Node
microsoftinternet_explorerMatch6
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_xpsp1
OR
microsoftwindows_xpsp2professional_x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3
Node
microsoftinternet_explorerMatch7
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008Match--x32
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_vistaMatch--x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp3
Node
microsoftinternet_explorerMatch5.01sp4
OR
microsoftinternet_explorerMatch6sp1
AND
microsoftwindows_2000sp4
Node
microsoftinternet_explorerMatch8
AND
microsoftwindows_server_2003sp2
OR
microsoftwindows_server_2008itanium
OR
microsoftwindows_server_2008sp2itanium
OR
microsoftwindows_server_2008sp2x64
OR
microsoftwindows_server_2008Match--x32
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_vistasp1
OR
microsoftwindows_vistasp2
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp2x64
OR
microsoftwindows_xpMatch-sp3
VendorProductVersionCPE
microsoftinternet_explorer6cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
microsoftwindows_xp-cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*
microsoftinternet_explorer7cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:-:x32:*:*:*:*:*
microsoftwindows_server_2008-cpe:2.3:o:microsoft:windows_server_2008:-:sp2:x86:*:*:*:*:*
microsoftwindows_vista*cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
Rows per page:
1-10 of 211

Related

prion 1
seebug 1
checkpoint_advisories 1
cvelist 1
zdi 1
securityvulns 3
cve 1
nessus 1
mskb 1
openvas 2
prion
prion
Memory corruption
2009-07-29 17:30:00
seebug
seebug
Microsoft Internet Explorer HTMLθ‘¨ε•ε―Ήθ±‘θΏœη¨‹δ»£η ζ‰§θ‘ŒζΌζ΄ž(MS09-034)
2009-07-29 00:00:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer HTML Objects Memory Corruption (MS09-034; CVE-2009-1918)
2009-07-28 00:00:00
cvelist
cvelist
CVE-2009-1918
2009-07-29 17:00:00
zdi
zdi
Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
2009-08-05 00:00:00
securityvulns
securityvulns
ZDI-09-047: Microsoft Internet Explorer getElementsByTagName Memory Corruption Vulnerability
2009-08-07 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2009-08-07 00:00:00
Microsoft Security Bulletin MS09-034 - Critical Cumulative Security Update for Internet Explorer (972260)
2009-07-29 00:00:00
cve
cve
CVE-2009-1918
2009-07-29 17:30:01
nessus
nessus
MS09-034: Cumulative Security Update for Internet Explorer (972260)
2009-07-28 00:00:00
mskb
mskb
MS09-034: Cumulative security update for Internet Explorer
2020-04-16 06:54:29
openvas
openvas
Cumulative Security Update for Internet Explorer (972260)
2009-07-29 00:00:00
Cumulative Security Update for Internet Explorer (972260)
2009-07-29 00:00:00

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON
Related for NVD:CVE-2009-1918
prion1seebug1checkpoint_advisories1cvelist1zdi1securityvulns3cve1nessus1mskb1openvas2