CVE-2009-0341

Microsoft Internet Explorer 7.0 - RCE

Title source: llm

Description

The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Juan Pablo Lopez Yacubian · htmldoswindows

https://www.exploit-db.com/exploits/32763

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33494

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/500472/100/0/threaded

Scores

EPSS 0.4826

EPSS Percentile 97.7%

Details

CWE

CWE-119

Status published

Products (1)

microsoft/internet_explorer 7

Published Jan 29, 2009

Tracked Since Feb 18, 2026