CVE-2009-0554

Description

Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft / internet_explorer6 – 6
Microsoft / internet_explorer7 – 7
Microsoft / internet_explorer5.01 – 5.01
Microsoft / internet_explorer6 – 6

References

VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1028
MISChttp://www.us-cert.gov/cas/techalerts/TA09-104A.html
VENDOR_ADVISORYhttp://secunia.com/advisories/34678
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014
MISChttp://www.securitytracker.com/id?1022042
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5723
MISChttp://support.avaya.com/elmodocs2/security/ASA-2009-133.htm