CVE-2009-1532

Published: Jun 10, 2009Modified: Apr 23, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable · 11 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

http://osvdb.org/54951

Source: secure@microsoft.com

Broken Link

http://www.securityfocus.com/archive/1/504208/100/0/threaded

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022350

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/1538

Source: secure@microsoft.com

Broken LinkVendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-09-041

Source: secure@microsoft.com

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019

Source: secure@microsoft.com

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244

Source: secure@microsoft.com

Broken Link

http://osvdb.org/54951

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.securityfocus.com/archive/1/504208/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1022350

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2009/1538

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-09-041

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.