Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1917

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1917
Last Modified 21 Aug 2010 01:32:59
Published 29 Jul 2009 01:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1917

Summary

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 6

  • Microsoft Ie 7

  • Microsoft Ie 8


References

CERT - TA09-195A

MS - MS09-034

VUPEN - ADV-2009-2033

SECTRACK - 1022611

BID - 35831

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693


Last Updated: 27 May 2016 10:50:44