// For flags

CVE-2009-0551

 

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track*
*SSVC
Descriptions

Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."

Microsoft Internet Explorer v6 SP1, v6 y v7 en Windows XP SP2 y SP3, v6 y v7 en Windows Server 2003 SP1 y SP2, v7 en Windows Vista Gold y SP1, y v7 en Windows Server 2008 no maneja adecuadamente errores de transición en una petición a un documento HTTP seguido de una petición a un segundo documento HTTP, lo que permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados (1) múltiples páginas manipuladas en un sitio Web (2) una página Web con líneas de contenido manipulado como publicidad en forma de banner, también conocido como "Vulnerabilidad de Corrupción de Memoria en transición de página".

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Track*
Exploitation
None
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2009-02-12 CVE Reserved
  • 2009-04-15 CVE Published
  • 2024-09-18 EPSS Updated
  • 2024-10-21 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*-
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp1
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp1, itanium
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*pro_x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, pro_x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*-
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp1
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp1, itanium
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*-
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*32_bit
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*itanium
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Server 2008
Search vendor "Microsoft" for product "Windows Server 2008"
*x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*-
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
*sp1
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Vista
Search vendor "Microsoft" for product "Windows Vista"
gold
Search vendor "Microsoft" for product "Windows Vista" and version "gold"
-
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp2, x64
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
7
Search vendor "Microsoft" for product "Internet Explorer" and version "7"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows Xp
Search vendor "Microsoft" for product "Windows Xp"
*sp3
Safe
Microsoft
Search vendor "Microsoft"
Internet Explorer
Search vendor "Microsoft" for product "Internet Explorer"
6
Search vendor "Microsoft" for product "Internet Explorer" and version "6"
sp1
Affected
in Microsoft
Search vendor "Microsoft"
Windows 2000
Search vendor "Microsoft" for product "Windows 2000"
*sp4
Safe