Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12810
HistoryOct 15, 2009 - 12:00 a.m.

MS Internet Explorer 6 - 8 Content-Encoding Memory Corruption

2009-10-1500:00:00
Root
www.seebug.org
5

0.956 High

EPSS

Percentile

99.2%

JSON

No description provided by source.


                                                MSIE Content-Encoding: deflate memory corruption vulnerability

(a.k.a. MSRC 8769, MS09-054, CVE-2009-1547, “Data Stream Header Corruption Vulnerability”)

Microsoft fixed a bug in Internet Explorer’s “Content-Encoding:deflate” implementation. Here are two HTTP replies that trigger the bug:

HTTP/.\nContent-Encoding:deflate\r\t\n\r\n\x20\x20
HTTP \nContent-Encoding:deflate\nContent-Range:\n\n”

The bug allows memory corruption, which can be exploited to execute arbitrary code. The big surprise (to me at least) is that nobody seems to have found this before even though it’s fairly easy to trigger.

Related

packetstorm 1
exploitpack 1
seebug 3
cve 1
checkpoint_advisories 1
securityvulns 3
prion 1
cvelist 1
symantec 1
exploitdb 1
nessus 1
mskb 1
openvas 2
packetstorm
packetstorm
MSIE Content-Encoding: Deflate Memory Corruption
2009-10-15 00:00:00
exploitpack
exploitpack
Microsoft Internet Explorer 567 - Memory Corruption (MS09-054)
2009-10-15 00:00:00
seebug
seebug
Microsoft Internet Explorer 5 6 7 memory corruption PoC
2009-10-15 00:00:00
Microsoft IE deflate HTTP内容编码远程代码执行漏洞(MS09-054)
2009-10-19 00:00:00
Microsoft Internet Explorer 5 6 7 memory corruption PoC
2009-10-15 00:00:00
cve
cve
CVE-2009-1547
2009-10-14 10:30:00
checkpoint_advisories
checkpoint_advisories
Internet Explorer Data Stream Header Corruption (MS09-054; CVE-2009-1547)
2009-10-13 00:00:00
securityvulns
securityvulns
MSIE Content-Encoding: deflate memory corruption vulnerability
2009-10-14 00:00:00
Microsoft Security Bulletin MS09-054 - Critical Cumulative Security Update for Internet Explorer (974455)
2009-10-13 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2009-10-14 00:00:00
prion
prion
Memory corruption
2009-10-14 10:30:00
cvelist
cvelist
CVE-2009-1547
2009-10-14 10:00:00
symantec
symantec
Microsoft Internet Explorer 'deflate' HTTP Content Encoding Remote Code Execution Vulnerability
2009-10-13 00:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 5/6/7 - Memory Corruption (MS09-054)
2009-10-15 00:00:00
nessus
nessus
MS09-054: Cumulative Security Update for Internet Explorer (974455)
2009-10-13 00:00:00
mskb
mskb
MS09-054: Cumulative security update for Internet Explorer
2014-06-23 07:27:42
openvas
openvas
Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
2009-10-14 00:00:00
Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
2009-10-14 00:00:00

0.956 High

EPSS

Percentile

99.2%

JSON
Related for SSV:12810
packetstorm1exploitpack1seebug3cve1checkpoint_advisories1securityvulns3prion1cvelist1symantec1exploitdb1nessus1mskb1openvas2