CVE-2009-1918

EPSS 65.71%
Published 29.07.2009 17:30:01
Last modified 09.04.2025 00:30:58
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version6

   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Xp Updatesp1
   Microsoft ≫ Windows Xp Updatesp2 Editionprofessional_x64
   Microsoft ≫ Windows Xp Version- Updatesp2
   Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Internet Explorer Version7

   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Server 2008 Version- Update- Editionx32
   Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86
   Microsoft ≫ Windows Vista Updatesp1
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Vista Version- Update- Editionx64
   Microsoft ≫ Windows Xp Version- Updatesp2
   Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Internet Explorer Version5.01 Updatesp4

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Internet Explorer Version6 Updatesp1

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Internet Explorer Version8

   Microsoft ≫ Windows Server 2003 Updatesp2
   Microsoft ≫ Windows Server 2008 Editionitanium
   Microsoft ≫ Windows Server 2008 Updatesp2 Editionitanium
   Microsoft ≫ Windows Server 2008 Updatesp2 Editionx64
   Microsoft ≫ Windows Server 2008 Version- Update- Editionx32
   Microsoft ≫ Windows Server 2008 Version- Update- Editionx64
   Microsoft ≫ Windows Server 2008 Version- Updatesp2 Editionx86
   Microsoft ≫ Windows Vista Updatesp1
   Microsoft ≫ Windows Vista Updatesp2
   Microsoft ≫ Windows Xp Version- Updatesp2
   Microsoft ≫ Windows Xp Version- Updatesp2 Editionx64
   Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	65.71%	0.985

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.us-cert.gov/cas/techalerts/TA09-195A.html

US Government Resource

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693

http://www.securitytracker.com/id?1022611

http://www.vupen.com/english/advisories/2009/2033

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034

http://www.securityfocus.com/archive/1/505523/100/0/threaded

http://www.securityfocus.com/bid/35826

http://www.zerodayinitiative.com/advisories/ZDI-09-047

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5524

https://nvd.nist.gov/vuln/detail/CVE-2009-1918

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1918

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1918

EUVD