CVE-2009-1140

Microsoft Internet Explorer Cross-Domain Information Disclosure via Cached Content Rendering

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1140. PoCs published by Jorge Luis Alvarez Medina.

AI-analyzed exploit summary This is a writeup describing a cross-domain information-disclosure vulnerability in Microsoft Internet Explorer due to improper enforcement of the same-origin policy. It allows attackers to access local files or content from another domain or security zone.

Description

Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jorge Luis Alvarez Medina · textremotewindows

https://www.exploit-db.com/exploits/33024

View Code ZIP pw:eip

This is a writeup describing a cross-domain information-disclosure vulnerability in Microsoft Internet Explorer due to improper enforcement of the same-origin policy. It allows attackers to access local files or content from another domain or security zone.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Internet Explorer (unspecified version)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1538

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1022350

Scores

EPSS 0.6130

EPSS Percentile 98.3%

Details

CWE

CWE-200

Status published

Products (3)

microsoft/internet_explorer 6 (2 CPE variants)

microsoft/internet_explorer 7

microsoft/internet_explorer 5.01 sp4

Published Jun 10, 2009

Tracked Since Feb 18, 2026