CVE-2009-2433

Microsoft Internet Explorer - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sberry · htmldoswindows

https://www.exploit-db.com/exploits/9100

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/35620

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9100

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829

Scores

EPSS 0.1806

EPSS Percentile 95.2%

Details

CWE

CWE-119

Status published

Products (9)

microsoft/ie 8.0b

microsoft/internet_explorer 7

microsoft/internet_explorer 7.0 (5 CPE variants)

microsoft/internet_explorer 7.0.5730 unknown

microsoft/internet_explorer 7.0.5730.11

microsoft/internet_explorer 7.00.5730.1100

microsoft/internet_explorer 7.00.6000.16386

microsoft/internet_explorer 7.00.6000.16441

microsoft/internet_explorer 8.0.6001 (2 CPE variants)

Published Jul 10, 2009

Tracked Since Feb 18, 2026