CVE-2009-1917

Published: Jul 29, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."

Affected (5)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Running on/with	Platform Versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7

Running on/with	Platform Versions
Microsoft Windows Vista	All versions

Configuration C

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01 sp4
Microsoft Internet Explorer	Version 6 sp1

Running on/with	Platform Versions
Microsoft Windows 2000	All versions

Configuration D

1 vulnerable · 12 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions