Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2519

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-2519
Last Modified 22 Oct 2012 11:09:13
Published 08 Sep 2009 06:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2519

Summary

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."

Vulnerable Systems

Operating System

  • Microsoft Windows 2000 -

  • Microsoft Windows Server 2003

  • Microsoft Windows Xp

  • Microsoft Windows Xp -


References

CERT - TA09-251A

MS - MS09-046

SECTRACK - 1022843

BID - 36280

SECUNIA - 36592


Last Updated: 27 May 2016 10:51:45