Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0072

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-0072
Last Modified 09 Jan 2009 12:00:00
Published 08 Jan 2009 02:30:11
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0072

Summary

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.

Vulnerable Systems

Application

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8


References

XF - ie-javascript-screen-dos(47788)

BID - 33149

MISC - http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/


Last Updated: 27 May 2016 10:50:06