CVE-2009-1529

Description

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Microsoft / internet_explorer6 – 6
Microsoft / internet_explorer7 – 7
Microsoft / internet_explorer6 – 6
Microsoft / internet_explorer5.01 – 5.01
Microsoft / internet_explorer5.01 – 5.01
Microsoft / internet_explorer8 – 8

References

VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1538
MISChttp://www.securityfocus.com/archive/1/504205/100/0/threaded
MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019
VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-09-036
MISChttp://www.securityfocus.com/bid/35223
MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6295
MISChttp://osvdb.org/54948
MISChttp://www.us-cert.gov/cas/techalerts/TA09-160A.html
MISChttp://www.securitytracker.com/id?1022350