Vulnerability Description
Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 8 |
| Microsoft | Windows Server 2003 | - |
| Microsoft | Windows Server 2008 | - |
| Microsoft | Windows Vista | - |
| Microsoft | Windows XP | - |
Related Weaknesses (CWE)
References
- http://osvdb.org/54951 (Broken Link)
- http://www.securityfocus.com/archive/1/504208/100/0/threaded (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id?1022350 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.us-cert.gov/cas/techalerts/TA09-160A.html (Broken Link, Third Party Advisory, US Government Resource)
- http://www.vupen.com/english/advisories/2009/1538 (Broken Link, Vendor Advisory)
- http://www.zerodayinitiative.com/advisories/ZDI-09-041 (Broken Link, Third Party Advisory, VDB Entry)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-01 (Patch, Vendor Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3 (Broken Link)
FAQ
What is CVE-2009-1532?
CVE-2009-1532 is a vulnerability with a CVSS score of 8.8 (HIGH). Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remo...
How severe is CVE-2009-1532?
CVE-2009-1532 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-1532?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP.