CVE-2009-2655

Published: Aug 3, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.

Affected (2)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (8)

http://www.exploit-db.com/exploits/9253

Source: cve@mitre.org

http://www.securityfocus.com/bid/35799

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/52249

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700

Source: cve@mitre.org

http://www.exploit-db.com/exploits/9253

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35799

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/52249

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12700

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.