CVE-2009-3671
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3674.
Affected (23)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5.0.1 sp4 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6 sp1 | |
| All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6 | |
| All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7 | |
| All versions | |
| All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 8 | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Related CWEs
CWE-399
CWE-399
CWE-416
Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
References (8)
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.