CVE-2009-3019

Microsoft Internet Explorer - Code Injection

Title source: rule

Description

Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet Explorer 7 on Vista, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls createElement to create an instance of the LI element, and then calls setAttribute to set the value attribute.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Irfan Asrar · htmldoswindows

https://www.exploit-db.com/exploits/9455

View Code ZIP pw:eip

References (1)

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9455

Scores

EPSS 0.0716

EPSS Percentile 91.6%

Details

CWE

CWE-94

Status published

Products (2)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

Published Aug 31, 2009

Tracked Since Feb 18, 2026