CVE-2009-2655

EPSS 27.95%
Veröffentlicht 03.08.2009 14:30:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Internet Explorer Version8

Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	27.95%	0.963

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.exploit-db.com/exploits/9253

http://www.securityfocus.com/bid/35799

https://exchange.xforce.ibmcloud.com/vulnerabilities/52249

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700

https://nvd.nist.gov/vuln/detail/CVE-2009-2655

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2655

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2655

EUVD