CVE-2009-0076

EPSS 58.48%
Published 10.02.2009 22:30:00
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 0 References 8

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version7

   Microsoft ≫ Windows Server 2003
   Microsoft ≫ Windows Server 2003 Updatesp1
   Microsoft ≫ Windows Server 2003 Updatesp1 Editionitanium
   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Server 2008 Editionitanium
   Microsoft ≫ Windows Server 2008 Editionx32
   Microsoft ≫ Windows Server 2008 Editionx64
   Microsoft ≫ Windows Vista Editionx64
   Microsoft ≫ Windows Vista Updatesp1
   Microsoft ≫ Windows Xp Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp2
   Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64
   Microsoft ≫ Windows Xp Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	58.48%	0.982

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA09-041A.html

US Government Resource

http://www.vupen.com/english/advisories/2009/0389

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002

http://www.zerodayinitiative.com/advisories/ZDI-09-012/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6081

https://nvd.nist.gov/vuln/detail/CVE-2009-0076

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-0076

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-0076

EUVD