CVE-2009-2954

Published: Aug 24, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

Affected (76)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

76 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Up to 6.0.2900.2180
Microsoft Internet Explorer	Version 3.0.1
Microsoft Internet Explorer	Version 3.0.2
Microsoft Internet Explorer	Version 3.0
Microsoft Internet Explorer	Version 3.1
Microsoft Internet Explorer	Version 3.2
Microsoft Internet Explorer	Version 4.0.1
Microsoft Internet Explorer	Version 4.0.1 sp1
Microsoft Internet Explorer	Version 4.0.1 sp2
Microsoft Internet Explorer	Version 4.01
Microsoft Internet Explorer	Version 4.01 sp1
Microsoft Internet Explorer	Version 4.0
Microsoft Internet Explorer	Version 4.1
Microsoft Internet Explorer	Version 4.40.308
Microsoft Internet Explorer	Version 4.40.520
Microsoft Internet Explorer	Version 4.5
Microsoft Internet Explorer	Version 4.70.1155
Microsoft Internet Explorer	Version 4.70.1158
Microsoft Internet Explorer	Version 4.70.1215
Microsoft Internet Explorer	Version 4.70.1300
Microsoft Internet Explorer	Version 4.71.1008.3
Microsoft Internet Explorer	Version 4.71.1712.6
Microsoft Internet Explorer	Version 4.71.544
Microsoft Internet Explorer	Version 4.72.2106.8
Microsoft Internet Explorer	Version 4.72.3110.8
Microsoft Internet Explorer	Version 4.72.3612.1713
Microsoft Internet Explorer	Version 5.0.1
Microsoft Internet Explorer	Version 5.0.1 sp1
Microsoft Internet Explorer	Version 5.0.1 sp2
Microsoft Internet Explorer	Version 5.0.1 sp3
Microsoft Internet Explorer	Version 5.0.1 sp4
Microsoft Internet Explorer	Version 5.00.0518.10
Microsoft Internet Explorer	Version 5.00.0910.1309
Microsoft Internet Explorer	Version 5.00.2014.0216
Microsoft Internet Explorer	Version 5.00.2314.1003
Microsoft Internet Explorer	Version 5.00.2516.1900
Microsoft Internet Explorer	Version 5.00.2614.3500
Microsoft Internet Explorer	Version 5.00.2919.3800
Microsoft Internet Explorer	Version 5.00.2919.6307
Microsoft Internet Explorer	Version 5.00.2919.800
Microsoft Internet Explorer	Version 5.00.2920.0000
Microsoft Internet Explorer	Version 5.00.3103.1000
Microsoft Internet Explorer	Version 5.00.3105.0106
Microsoft Internet Explorer	Version 5.00.3314.2101
Microsoft Internet Explorer	Version 5.00.3315.1000
Microsoft Internet Explorer	Version 5.00.3502.1000
Microsoft Internet Explorer	Version 5.00.3700.1000
Microsoft Internet Explorer	Version 5.01
Microsoft Internet Explorer	Version 5.01 sp1
Microsoft Internet Explorer	Version 5.01 sp2
Microsoft Internet Explorer	Version 5.01 sp3
Microsoft Internet Explorer	Version 5.01 sp4
Microsoft Internet Explorer	Version 5.0
Microsoft Internet Explorer	Version 5.1
Microsoft Internet Explorer	Version 5.2.3
Microsoft Internet Explorer	Version 5.50.3825.1300
Microsoft Internet Explorer	Version 5.50.4030.2400
Microsoft Internet Explorer	Version 5.50.4134.0100
Microsoft Internet Explorer	Version 5.50.4134.0600
Microsoft Internet Explorer	Version 5.50.4308.2900
Microsoft Internet Explorer	Version 5.50.4522.1800
Microsoft Internet Explorer	Version 5.50.4807.2300
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 5.5 preview
Microsoft Internet Explorer	Version 5.5 sp1
Microsoft Internet Explorer	Version 5.5 sp2
Microsoft Internet Explorer	Version 5
Microsoft Internet Explorer	Version 6.0.2600
Microsoft Internet Explorer	Version 6.0.2800.1106
Microsoft Internet Explorer	Version 6.0.2800
Microsoft Internet Explorer	Version 6.0.2900
Microsoft Internet Explorer	Version 6.00.2462.0000
Microsoft Internet Explorer	Version 6.00.2479.0006
Microsoft Internet Explorer	Version 6.00.2600.0000
Microsoft Internet Explorer	Version 6.0
Microsoft Internet Explorer	Version 6

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://websecurity.com.ua/3424/

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/506006/100/0/threaded

Source: cve@mitre.org

http://websecurity.com.ua/3424/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/506006/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.