cvelistv5 - cve-2009-0075

CVE-2009-0075 (GCVE-0-2009-0075)

Vulnerability from cvelistv5 – Published: 2009-02-10 22:13 – Updated: 2024-08-07 04:24

Summary

Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://www.exploit-db.com/exploits/8082	exploitx_refsource_EXPLOIT-DB
	http://www.zerodayinitiative.com/advisories/ZDI-09-011/	x_refsource_MISC
	http://www.securityfocus.com/bid/33627	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2009/0389	vdb-entryx_refsource_VUPEN
	http://osvdb.org/51839	vdb-entryx_refsource_OSVDB
	https://www.exploit-db.com/exploits/8079	exploitx_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/8080	exploitx_refsource_EXPLOIT-DB
	https://www.exploit-db.com/exploits/8077	exploitx_refsource_EXPLOIT-DB
	http://www.us-cert.gov/cas/techalerts/TA09-041A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:17.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "oval:org.mitre.oval:def:6000",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
          },
          {
            "name": "8082",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8082"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
          },
          {
            "name": "33627",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33627"
          },
          {
            "name": "ADV-2009-0389",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0389"
          },
          {
            "name": "51839",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/51839"
          },
          {
            "name": "8079",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8079"
          },
          {
            "name": "8080",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8080"
          },
          {
            "name": "8077",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/8077"
          },
          {
            "name": "TA09-041A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
          },
          {
            "name": "MS09-002",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-02-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "oval:org.mitre.oval:def:6000",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
        },
        {
          "name": "8082",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8082"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
        },
        {
          "name": "33627",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33627"
        },
        {
          "name": "ADV-2009-0389",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0389"
        },
        {
          "name": "51839",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/51839"
        },
        {
          "name": "8079",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8079"
        },
        {
          "name": "8080",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8080"
        },
        {
          "name": "8077",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/8077"
        },
        {
          "name": "TA09-041A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
        },
        {
          "name": "MS09-002",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "oval:org.mitre.oval:def:6000",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
            },
            {
              "name": "8082",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8082"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
            },
            {
              "name": "33627",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33627"
            },
            {
              "name": "ADV-2009-0389",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0389"
            },
            {
              "name": "51839",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/51839"
            },
            {
              "name": "8079",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8079"
            },
            {
              "name": "8080",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8080"
            },
            {
              "name": "8077",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/8077"
            },
            {
              "name": "TA09-041A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
            },
            {
              "name": "MS09-002",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2009-0075",
    "datePublished": "2009-02-10T22:13:00",
    "dateReserved": "2009-01-08T00:00:00",
    "dateUpdated": "2024-08-07T04:24:17.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3527F41-A6ED-437D-9833-458A2C60C2A3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"43D64F8D-975A-4A5B-BEDF-D27D65C96A29\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"9012FF99-B2F1-42F5-8366-D5071B66F42D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*\", \"matchCriteriaId\": \"DBE4A4EA-A0DE-4FDE-B9EC-D8729E17A1F1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*\", \"matchCriteriaId\": \"51160A46-6768-44D5-89CD-6DB9D2268A2E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"7211B5C5-6B6E-4A33-88BC-1D64CD684204\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:*:professional:*:*:*:x64:*\", \"matchCriteriaId\": \"39DC2489-8FB9-4301-A966-268DE7D0A503\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:x64:*\", \"matchCriteriaId\": \"C551BCF9-358A-46F5-8592-E309D3EBC5F3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de un documento HTML manipulado; est\\u00e1 relacionado con CFunctionPointer y la inclusi\\u00f3n de objetos de documentos. Tambi\\u00e9n se conoce como \\\"Vulnerabilidad de Corrupci\\u00f3n de Memoria no Iniciada\\\"\\r\\n\"}]",
      "id": "CVE-2009-0075",
      "lastModified": "2024-11-21T00:59:00.020",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-02-10T22:30:00.250",
      "references": "[{\"url\": \"http://osvdb.org/51839\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/33627\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-041A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0389\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-011/\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8077\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8079\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8080\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8082\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://osvdb.org/51839\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://www.securityfocus.com/bid/33627\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA09-041A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2009/0389\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.zerodayinitiative.com/advisories/ZDI-09-011/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8079\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8080\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.exploit-db.com/exploits/8082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0075\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2009-02-10T22:30:00.250\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \\\"Uninitialized Memory Corruption Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado; est\u00e1 relacionado con CFunctionPointer y la inclusi\u00f3n de objetos de documentos. Tambi\u00e9n se conoce como \\\"Vulnerabilidad de Corrupci\u00f3n de Memoria no Iniciada\\\"\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A33FA7F-BB2A-4C66-B608-72997A2BD1DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3527F41-A6ED-437D-9833-458A2C60C2A3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"43D64F8D-975A-4A5B-BEDF-D27D65C96A29\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"9012FF99-B2F1-42F5-8366-D5071B66F42D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D929AA2-EE0B-4AA1-805D-69BCCA11B77F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"DBE4A4EA-A0DE-4FDE-B9EC-D8729E17A1F1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"51160A46-6768-44D5-89CD-6DB9D2268A2E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"7211B5C5-6B6E-4A33-88BC-1D64CD684204\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:*:professional:*:*:*:x64:*\",\"matchCriteriaId\":\"39DC2489-8FB9-4301-A966-268DE7D0A503\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:x64:*\",\"matchCriteriaId\":\"C551BCF9-358A-46F5-8592-E309D3EBC5F3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/51839\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/33627\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-041A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0389\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-011/\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8077\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8079\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8080\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8082\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://osvdb.org/51839\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securityfocus.com/bid/33627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA09-041A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2009/0389\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.zerodayinitiative.com/advisories/ZDI-09-011/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/8077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8079\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8080\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/8082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CERTA-2009-AVI-059

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités affectant Microsoft Internet Explorer permetttent à une personne distante malintentionnée d'exécuter du code arbitraire.

Description

Deux vulnérabilités, permettant une exécution de code arbitraire à distance, ont été découvertes dans Microsoft Internet Explorer :

la première vulnérabilité est exploitable via une page Internet spécialement conçue essayant d'accéder à un objet préalablement effacé ;
la seconde est due à une erreur dans la gestion des CSS (Cascading Style Sheets) et est exploitable via une page web spécialement conçue.

Solution

Se référer au bulletin de sécurité Microsoft pour l'obtention des correctifs (cf. section Documentation).

Internet Explorer 7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-002 du 10 février 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-002 du 10 février 2009 :	-	other
Bulletin de sécurité Microsoft MS09-002 du 10 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eInternet Explorer 7.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s, permettant une ex\u00e9cution de code arbitraire \u00e0\ndistance, ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Internet Explorer :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est exploitable via une page Internet\n    sp\u00e9cialement con\u00e7ue essayant d\u0027acc\u00e9der \u00e0 un objet pr\u00e9alablement\n    effac\u00e9 ;\n-   la seconde est due \u00e0 une erreur dans la gestion des CSS (Cascading\n    Style Sheets) et est exploitable via une page web sp\u00e9cialement\n    con\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0075"
    },
    {
      "name": "CVE-2009-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-002 du 10 f\u00e9vrier 2009    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-002.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-002 du 10 f\u00e9vrier 2009    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-059",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s affectant Microsoft Internet Explorer permetttent \u00e0\nune personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-002 du 10 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

CERTA-2009-AVI-059

Vulnerability from certfr_avis - Published: - Updated:

Deux vulnérabilités affectant Microsoft Internet Explorer permetttent à une personne distante malintentionnée d'exécuter du code arbitraire.

Description

Deux vulnérabilités, permettant une exécution de code arbitraire à distance, ont été découvertes dans Microsoft Internet Explorer :

la première vulnérabilité est exploitable via une page Internet spécialement conçue essayant d'accéder à un objet préalablement effacé ;
la seconde est due à une erreur dans la gestion des CSS (Cascading Style Sheets) et est exploitable via une page web spécialement conçue.

Solution

Se référer au bulletin de sécurité Microsoft pour l'obtention des correctifs (cf. section Documentation).

Internet Explorer 7.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité MS09-002 du 10 février 2009	None	vendor-advisory
Bulletin de sécurité Microsoft MS09-002 du 10 février 2009 :	-	other
Bulletin de sécurité Microsoft MS09-002 du 10 février 2009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eInternet Explorer 7.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s, permettant une ex\u00e9cution de code arbitraire \u00e0\ndistance, ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Internet Explorer :\n\n-   la premi\u00e8re vuln\u00e9rabilit\u00e9 est exploitable via une page Internet\n    sp\u00e9cialement con\u00e7ue essayant d\u0027acc\u00e9der \u00e0 un objet pr\u00e9alablement\n    effac\u00e9 ;\n-   la seconde est due \u00e0 une erreur dans la gestion des CSS (Cascading\n    Style Sheets) et est exploitable via une page web sp\u00e9cialement\n    con\u00e7ue.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0075"
    },
    {
      "name": "CVE-2009-0076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0076"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-002 du 10 f\u00e9vrier 2009    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS09-002.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS09-002 du 10 f\u00e9vrier 2009    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS09-002.mspx"
    }
  ],
  "reference": "CERTA-2009-AVI-059",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-02-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s affectant Microsoft Internet Explorer permetttent \u00e0\nune personne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Microsoft Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 MS09-002 du 10 f\u00e9vrier 2009",
      "url": null
    }
  ]
}

GHSA-84PR-V9RF-J48H

Vulnerability from github – Published: 2022-05-02 03:12 – Updated: 2025-04-09 04:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0075"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-02-10T22:30:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\"",
  "id": "GHSA-84pr-v9rf-j48h",
  "modified": "2025-04-09T04:04:39Z",
  "published": "2022-05-02T03:12:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0075"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8077"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8079"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8080"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/8082"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/51839"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33627"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/0389"
    },
    {
      "type": "WEB",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2009-0075

Vulnerability from fkie_nvd - Published: 2009-02-10 22:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://osvdb.org/51839	Broken Link
secure@microsoft.com	http://www.securityfocus.com/bid/33627	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA09-041A.html	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2009/0389	Vendor Advisory
secure@microsoft.com	http://www.zerodayinitiative.com/advisories/ZDI-09-011/	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002	Patch, Vendor Advisory
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000	Third Party Advisory
secure@microsoft.com	https://www.exploit-db.com/exploits/8077	Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/8079	Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/8080	Third Party Advisory, VDB Entry
secure@microsoft.com	https://www.exploit-db.com/exploits/8082	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/51839	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33627	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA09-041A.html	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0389	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.zerodayinitiative.com/advisories/ZDI-09-011/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8077	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8079	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8080	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/8082	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
microsoft	internet_explorer	7
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_server_2003	-
microsoft	windows_server_2008	*
microsoft	windows_server_2008	-
microsoft	windows_vista	-
microsoft	windows_vista	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_xp	-
microsoft	windows_xp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A33FA7F-BB2A-4C66-B608-72997A2BD1DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3527F41-A6ED-437D-9833-458A2C60C2A3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium:*:*:*:*:*",
              "matchCriteriaId": "9012FF99-B2F1-42F5-8366-D5071B66F42D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B33C9BD-FC34-4DFC-A81F-C620D3DAA79D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*",
              "matchCriteriaId": "DBE4A4EA-A0DE-4FDE-B9EC-D8729E17A1F1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "51160A46-6768-44D5-89CD-6DB9D2268A2E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "7211B5C5-6B6E-4A33-88BC-1D64CD684204",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:*:professional:*:*:*:x64:*",
              "matchCriteriaId": "39DC2489-8FB9-4301-A966-268DE7D0A503",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:x64:*",
              "matchCriteriaId": "C551BCF9-358A-46F5-8592-E309D3EBC5F3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "C9392D35-7BF5-48E9-879B-BBDE9A9E9AB9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft Internet Explorer 7 no maneja adecuadamente los errores durante un intento de acceso a los objetos eliminados, esto permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un documento HTML manipulado; est\u00e1 relacionado con CFunctionPointer y la inclusi\u00f3n de objetos de documentos. Tambi\u00e9n se conoce como \"Vulnerabilidad de Corrupci\u00f3n de Memoria no Iniciada\"\r\n"
    }
  ],
  "id": "CVE-2009-0075",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-02-10T22:30:00.250",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/51839"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33627"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0389"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8077"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8079"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8080"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/51839"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/0389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8079"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8080"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/8082"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2009-0075

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0075

Aliases

CVE-2009-0075

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0075",
    "description": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\"",
    "id": "GSD-2009-0075",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2009-0075"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0075"
      ],
      "details": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\"",
      "id": "GSD-2009-0075",
      "modified": "2023-12-13T01:19:43.721353Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2009-0075",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "oval:org.mitre.oval:def:6000",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
          },
          {
            "name": "8082",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8082"
          },
          {
            "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/",
            "refsource": "MISC",
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
          },
          {
            "name": "33627",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33627"
          },
          {
            "name": "ADV-2009-0389",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0389"
          },
          {
            "name": "51839",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/51839"
          },
          {
            "name": "8079",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8079"
          },
          {
            "name": "8080",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8080"
          },
          {
            "name": "8077",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/8077"
          },
          {
            "name": "TA09-041A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
          },
          {
            "name": "MS09-002",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:*:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:itanium:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:*:professional:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:professional:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2009-0075"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka \"Uninitialized Memory Corruption Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "33627",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/33627"
            },
            {
              "name": "TA09-041A",
              "refsource": "CERT",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA09-041A.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-09-011/"
            },
            {
              "name": "51839",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://osvdb.org/51839"
            },
            {
              "name": "ADV-2009-0389",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2009/0389"
            },
            {
              "name": "8082",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8082"
            },
            {
              "name": "8080",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8080"
            },
            {
              "name": "8079",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8079"
            },
            {
              "name": "8077",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/8077"
            },
            {
              "name": "oval:org.mitre.oval:def:6000",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6000"
            },
            {
              "name": "MS09-002",
              "refsource": "MS",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-02-27T14:07Z",
      "publishedDate": "2009-02-10T22:30Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0075 (GCVE-0-2009-0075)

CERTA-2009-AVI-059

Description

Solution

CERTA-2009-AVI-059

Description

Solution

GHSA-84PR-V9RF-J48H

FKIE_CVE-2009-0075

GSD-2009-0075

Tags

Sightings

Nomenclature