CVE-2009-2655

EPSS 27.95%
Published 03.08.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Internet Explorer Version7

Microsoft ≫ Windows Xp Version- Updatesp3

Microsoft ≫ Internet Explorer Version8

Microsoft ≫ Windows Xp Version- Updatesp3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	27.95%	0.963

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.exploit-db.com/exploits/9253

http://www.securityfocus.com/bid/35799

https://exchange.xforce.ibmcloud.com/vulnerabilities/52249

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700

https://nvd.nist.gov/vuln/detail/CVE-2009-2655

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-2655

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-2655

EUVD