CVE-2009-2529

Published: Oct 14, 2009Modified: Apr 23, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.2 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Component Handling Vulnerability."

Affected (25)

Products: Microsoft: Internet Explorer, Windows 2000, Windows Server 2008, Windows Vista, Windows Xp, Windows 7, Windows Server 2003

7 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 5.01 sp4
Microsoft Internet Explorer	Version 6 sp1
Microsoft Windows 2000	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Configuration C

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Configuration D

16 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8
Microsoft Windows 7	All versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Server 2008	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions