CVE-2009-2536

Published: Jul 20, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 5 through 8 allows remote attackers to cause a denial of service (memory consumption and application crash) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

Affected (4)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Up to 8
Microsoft Internet Explorer	Version 5
Microsoft Internet Explorer	Version 6
Microsoft Internet Explorer	Version 7

Related CWEs

CWE-399

References (14)

http://www.exploit-db.com/exploits/9160

Source: cve@mitre.org

http://www.g-sec.lu/one-bug-to-rule-them-all.html

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/504969/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504988/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504989/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/505006/100/0/threaded

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52870

Source: cve@mitre.org

http://www.exploit-db.com/exploits/9160