CVE-2009-0552
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
Vulnerabilidad no especificada en Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 en Windows XP SP2 y SP3, y 6 en Windows Server 2003 SP1 y SP2 permite a atacantes remotos ejecutar código de su elección a través de una página web que dispara la presencia de un objeto en memoria que (1) no fue inicializado adecuadamente o (2) borrado, también conocido como "Vulnerabilidad de corrupción de memoria sin inicializar".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-02-12 CVE Reserved
- 2009-04-15 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/53625 | Vdb Entry | |
| http://secunia.com/advisories/34678 | Third Party Advisory | |
| http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm | X_refsource_confirm | |
| http://www.securitytracker.com/id?1022042 | Vdb Entry | |
| http://www.us-cert.gov/cas/techalerts/TA09-104A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2009/1028 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 | 2021-07-23 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Ie Search vendor "Microsoft" for product "Ie" | 6.0 Search vendor "Microsoft" for product "Ie" and version "6.0" | sp1 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 5.0.1 Search vendor "Microsoft" for product "Internet Explorer" and version "5.0.1" | sp4 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 2000 Search vendor "Microsoft" for product "Windows 2000" | * | sp4 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | - |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp1, itanium |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | pro_x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp2, pro_x64 |
Safe
|
| Microsoft Search vendor "Microsoft" | Internet Explorer Search vendor "Microsoft" for product "Internet Explorer" | 6 Search vendor "Microsoft" for product "Internet Explorer" and version "6" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Xp Search vendor "Microsoft" for product "Windows Xp" | * | sp3 |
Safe
|