CVE-2009-0553

Microsoft Internet Explorer <7 - RCE

Title source: llm

Description

Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Skylined · htmldoswindows

https://www.exploit-db.com/exploits/8479

View Code ZIP pw:eip

References (10)

[Third Party Advisory, VDB Entry] http://osvdb.org/53626

[URL Repurposed] http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption/

[Vendor Advisory] http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA09-104A.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/34424

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6069

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1022042

[Third Party Advisory] http://secunia.com/advisories/34678

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/1028

Scores

EPSS 0.7242

EPSS Percentile 98.8%

Details

CWE

CWE-399

Status published

Products (2)

microsoft/internet_explorer 6 (2 CPE variants)

microsoft/internet_explorer 7

Published Apr 15, 2009

Tracked Since Feb 18, 2026