CVE-2009-1547

Microsoft Internet Explorer 5.0.1 - 'deflate' HTTP Content Encoding Remote Code Execution

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."

Vulnerabilidad inespecífica en Microsoft Internet Explorer v5.01 SP4, v6, v6 SP1, y v7 permite a atacantes remotos ejecutar código arbitrario a través de cabeceras de flujos de datos manipulados que inician una corrupción de memoria, también conocido como "Vulnerabilidad de corrupción de cabecera de flujo de datos".

Microsoft Internet Explorer suffers from a Content-Encoding: deflate memory corruption vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-05-05 CVE Reserved
2009-10-13 First Exploit
2009-10-14 CVE Published
2024-08-07 CVE Updated
2024-10-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (5)

URL	Tag	Source
http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6454	Signature

URL	Date	SRC
https://www.exploit-db.com/exploits/33270	2009-10-13
https://www.exploit-db.com/exploits/9893	2009-10-15

URL	Date	SRC

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-054	2023-12-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	5.01 Search vendor "Microsoft" for product "Internet Explorer" and version "5.01"	sp4	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	sp1	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	*	sp4	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, home	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	6 Search vendor "Microsoft" for product "Internet Explorer" and version "6"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	itanium	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	x32	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	sp2, itanium	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	sp2, x86	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp1	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp1	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, home	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 7 Search vendor "Microsoft" for product "Windows 7"	-	-	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	x32	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	r2, itanium	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	r2, x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	sp2, x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	-	sp2, x86	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	-	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp1	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	*	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	x64	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	sp2	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	*	sp3	Affected
Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	8 Search vendor "Microsoft" for product "Internet Explorer" and version "8"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, x64	Affected