CVE-2009-3019

Microsoft Internet Explorer 6 on Windows XP SP2/SP3 and IE 7 on Vista - DoS via LI Element Attribute Manipulation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3019. PoCs published by Irfan Asrar.

AI-analyzed exploit summary This exploit triggers a crash in Internet Explorer by manipulating the 'value' attribute of a list item element, leading to a denial of service (DoS) condition. It leverages a use-after-free vulnerability in IE6 and IE7.

Description

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Irfan Asrar · htmldoswindows

https://www.exploit-db.com/exploits/9455

View Code ZIP pw:eip

This exploit triggers a crash in Internet Explorer by manipulating the 'value' attribute of a list item element, leading to a denial of service (DoS) condition. It leverages a use-after-free vulnerability in IE6 and IE7.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Internet Explorer 6/7

No auth needed

Prerequisites: Victim must visit the malicious webpage using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9455

Scores

EPSS 0.1737

EPSS Percentile 96.7%

Details

CWE

CWE-94

Status published

Products (2)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

Published Aug 31, 2009

Tracked Since Feb 18, 2026