ID CVE-2009-0554
Summary Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp1:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:pro_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:pro_x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:32_bit:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:32_bit:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_vista:gold:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:*:x64:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:x64:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 26-02-2019 - 14:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
msbulletin via4
bulletin_id MS09-014
bulletin_url
date 2009-04-14T00:00:00
impact Remote Code Execution
knowledgebase_id 963027
knowledgebase_url
severity Critical
title Cumulative Security Update for Internet Explorer
oval via4
accepted 2014-08-18T04:06:02.222-04:00
class vulnerability
contributors
  • name Dragos Prisaca
    organization Gideon Technologies, Inc.
  • name Brendan Miles
    organization The MITRE Corporation
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Internet Explorer 5.01 SP4 is installed
    oval oval:org.mitre.oval:def:325
  • comment Microsoft Windows 2000 is installed
    oval oval:org.mitre.oval:def:85
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP is installed
    oval oval:org.mitre.oval:def:105
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 6 is installed
    oval oval:org.mitre.oval:def:563
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows XP (32-bit) is installed
    oval oval:org.mitre.oval:def:1353
  • comment Microsoft Windows XP x64 is installed
    oval oval:org.mitre.oval:def:15247
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Server 2003 (32-bit) is installed
    oval oval:org.mitre.oval:def:1870
  • comment Microsoft Windows Server 2003 (x64) is installed
    oval oval:org.mitre.oval:def:730
  • comment Microsoft Windows Server 2003 (ia64) Gold is installed
    oval oval:org.mitre.oval:def:396
  • comment Microsoft Internet Explorer 7 is installed
    oval oval:org.mitre.oval:def:627
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
  • comment Microsoft Windows Vista (32-bit) is installed
    oval oval:org.mitre.oval:def:1282
  • comment Microsoft Windows Vista x64 Edition is installed
    oval oval:org.mitre.oval:def:2041
  • comment Microsoft Windows Server 2008 (32-bit) is installed
    oval oval:org.mitre.oval:def:4870
  • comment Microsoft Windows Server 2008 (64-bit) is installed
    oval oval:org.mitre.oval:def:5356
  • comment Microsoft Windows Server 2008 (ia-64) is installed
    oval oval:org.mitre.oval:def:5667
description Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
family windows
id oval:org.mitre.oval:def:5723
status accepted
submitted 2009-04-14T16:00:00
title Uninitialized Memory Corruption Vulnerability
version 77
refmap via4
cert TA09-104A
confirm http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm
sectrack 1022042
secunia 34678
vupen ADV-2009-1028
Last major update 26-02-2019 - 14:04
Published 15-04-2009 - 08:00
Last modified 26-02-2019 - 14:04
Back to Top