Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (963027) |
Information | |||
---|---|---|---|
Name | MS09-014 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2010-07-21 |
Severity (Vendor) | Critical | Revision | 1.4 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.4 (July 21, 2010): Corrected the value of the dword associated with enabling the defense-in-depth protection in the section, Frequently Asked Questions (FAQ) Related to This Security Update. Users who previously enabled the defense-in-depth protection against the blended threat issue should verify their environment is using the correct dword value.

Summary: This security update resolves four privately reported vulnerabilities and two publicly disclosed vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer or if a user connects to an attacker's server by way of the HTTP protocol. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
60 % | CWE-399 | Resource Management Errors |
20 % | CWE-264 | Permissions, Privileges, and Access Controls |
20 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5320 | |||
Oval ID: | oval:org.mitre.oval:def:5320 | ||
Title: | Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5551 | |||
Oval ID: | oval:org.mitre.oval:def:5551 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0552 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5723 | |||
Oval ID: | oval:org.mitre.oval:def:5723 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0554 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5782 | |||
Oval ID: | oval:org.mitre.oval:def:5782 | ||
Title: | Blended Threat Elevation of Privilege Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6069 | |||
Oval ID: | oval:org.mitre.oval:def:6069 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0553 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:6108 | |||
Oval ID: | oval:org.mitre.oval:def:6108 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:6164 | |||
Oval ID: | oval:org.mitre.oval:def:6164 | ||
Title: | Page Transition Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0551 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:7569 | |||
Oval ID: | oval:org.mitre.oval:def:7569 | ||
Title: | WinINet and Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:8509 | |||
Oval ID: | oval:org.mitre.oval:def:8509 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Internet Explorer WinINet credential reflection vulnerability | More info here |
ExploitDB Exploits
id | Description |
---|---|
2009-04-20 | MS Internet Explorer EMBED Memory Corruption PoC (MS09-014) |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803) File : nvt/secpod_ms09-013.nasl |
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
2009-04-15 | Name : Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege... File : nvt/secpod_ms09-015.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53627 | Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2... |
53626 | Microsoft IE EMBED Element Handling Memory Corruption Arbitrary Code Execution |
53625 | Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2... |
53624 | Microsoft IE Page Transition Unspecified Memory Corruption Arbitrary Code Exe... |
53623 | Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code ... |
53619 | Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution |
45892 | Apple Safari on Mac OS X Default Download Location Unspecified Arbitrary Code... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-19 | IAVM : 2009-A-0034 - Microsoft Windows HTTP Services Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0018756 |
2009-04-16 | IAVM : 2009-T-0021 - Microsoft Windows SearchPath Blended Threat Vulnerability Severity : Category II - VMSKEY : V0018776 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer History.go method double free corruption attempt RuleID : 18482 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer EMBED element memory corruption attempt RuleID : 17729 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Internet Explorer EMBED element memory corruption attempt RuleID : 17709 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer marquee object handling memory corruption attempt RuleID : 17462 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat attempt RuleID : 16319 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat dll request RuleID : 15468 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer marquee tag onstart memory corruption RuleID : 15461 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ActiveX load/unload race condition attempt RuleID : 15460 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer deleted/unitialized object memory corruption attempt RuleID : 15459 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer navigating between pages race condition attempt RuleID : 15458 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS |
2014-01-10 | Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : The remote host contains an API that is affected by multiple vulnerabilities. File : smb_nt_ms09-013.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-014.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : The remote host may allow remote code execution. File : smb_nt_ms09-015.nasl - Type : ACT_GATHER_INFO |
2008-06-20 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_1_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:12 |
|
2014-01-19 21:30:18 |
|