Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (969897) |
Informations | |||
---|---|---|---|
Name | MS09-019 | First vendor Publication | 2009-06-09 |
Vendor | Microsoft | Last vendor Modification | 2009-06-10 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.1 (June 10, 2009): Removed known issues notation in the Executive Summary. No known issues for this security update currently exist.Summary: This security update resolves seven privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The more severe of the vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-42 | MIME Conversion |
CAPEC-44 | Overflow Binary Resource File |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-100 | Overflow Buffers |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
62 % | CWE-399 | Resource Management Errors |
12 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
12 % | CWE-362 | Race Condition |
12 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5554 | |||
Oval ID: | oval:org.mitre.oval:def:5554 | ||
Title: | DHTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1141 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6041 | |||
Oval ID: | oval:org.mitre.oval:def:6041 | ||
Title: | Race Condition Cross-Domain Information Disclosure Vulnerability | ||
Description: | Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3091 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6244 | |||
Oval ID: | oval:org.mitre.oval:def:6244 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1532 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6260 | |||
Oval ID: | oval:org.mitre.oval:def:6260 | ||
Title: | HTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1528 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6278 | |||
Oval ID: | oval:org.mitre.oval:def:6278 | ||
Title: | Cross-Domain Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1140 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6294 | |||
Oval ID: | oval:org.mitre.oval:def:6294 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1530 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6295 | |||
Oval ID: | oval:org.mitre.oval:def:6295 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1529 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6308 | |||
Oval ID: | oval:org.mitre.oval:def:6308 | ||
Title: | HTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1531 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-06-15 | Name : Ubuntu USN-785-1 (ipsec-tools) File : nvt/ubuntu_785_1.nasl |
2009-06-10 | Name : Cumulative Security Update for Internet Explorer (969897) File : nvt/secpod_ms09-019.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54951 | Microsoft IE Crafted HTML Malformed Row Property References Memory Corruption |
54950 | Microsoft IE Crafted onreadystatechange Event Memory Corruption |
54949 | Microsoft IE Crafted HTML Document Node Addition Event Handler Memory Corruption |
54948 | Microsoft IE setCapture Function Object Handling Uninitialized Memory Corruption |
54947 | Microsoft IE Crafted AJAX XMLHttpRequest Synchronization Memory Corruption |
54946 | Microsoft IE DHTML tr Element Handling Crafted Method Memory Corruption |
54945 | Microsoft IE Cached Data Handling Cross-Domain Information Disclosure |
54944 | Microsoft IE Race Condition Cross-Domain Information Disclosure |
38497 | Microsoft IE Page Transaction Race Condition Arbitrary Code Execution |
Snort® IPS/IDS
Date | Description |
---|---|
2017-02-03 | Microsoft Internet Explorer layout object use after free attempt RuleID : 41107 - Revision : 1 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer Unexpected method call remote code execution attempt RuleID : 31402 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer event handler memory corruption attempt RuleID : 17566 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ... RuleID : 16423 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Javascript Page update race condition attempt RuleID : 16010 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer layout object use after free attempt RuleID : 15540 - Revision : 16 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer onreadystatechange memory corruption attempt RuleID : 15538 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid object modification exploit attempt RuleID : 15536 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer setCapture heap corruption exploit attempt RuleID : 15535 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer XML HttpRequest race condition exploit attempt RuleID : 15534 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer Unexpected method call remote code execution attempt RuleID : 15531 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer cross-domain navigation cookie stealing attempt RuleID : 15529 - Revision : 9 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-06-10 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-019.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-16 21:25:20 |
|
2014-02-17 11:46:13 |
|
2014-01-19 21:30:19 |
|