Vulnerabilities > CVE-2009-1917 - Resource Management Errors vulnerability in Microsoft Internet Explorer
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability."
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 5 | |
OS | 16 |
Common Weakness Enumeration (CWE)
Msbulletin
bulletin_id | MS09-034 |
bulletin_url | |
date | 2009-07-28T00:00:00 |
impact | Remote Code Execution |
knowledgebase_id | 972260 |
knowledgebase_url | |
severity | Critical |
title | Cumulative Security Update for Internet Explorer |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS09-034.NASL |
description | The remote host is missing IE Security Update 972260. The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 40407 |
published | 2009-07-28 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/40407 |
title | MS09-034: Cumulative Security Update for Internet Explorer (972260) |
code |
|
Oval
accepted | 2014-08-18T04:06:08.724-04:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
contributors |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
definition_extensions |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
description | Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle attempts to access deleted objects in memory, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Memory Corruption Vulnerability." | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
family | windows | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
id | oval:org.mitre.oval:def:6072 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status | accepted | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
submitted | 2009-07-28T13:00:00 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
title | Memory Corruption Vulnerability | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
version | 77 |
Seebug
bulletinFamily | exploit |
description | Bugraq ID: 35831 CVE ID:CVE-2009-1917 Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer处理内存对象存在安全问题,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 攻击者需要构建恶意WEB页,诱使用户访问来触发此漏洞,目前没有详细漏洞细节提供。 Microsoft Internet Explorer 8 Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 厂商解决方案 用户可参考如下供应商提供的安全补丁: Microsoft Internet Explorer 6.0 SP1 Microsoft Cumulative Security Update for Internet Explorer 6 SP1 (KB972260) http://www.microsoft.com/downloads/details.aspx?FamilyID=93bd1baa-e2fb -4e8c-9dd7-738efef32282 Microsoft Internet Explorer 7.0 Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=f4112c25-9e6f -473a-bdbc-3df6dd66e6af Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (K http://www.microsoft.com/downloads/details.aspx?FamilyID=adb6bad2-9931 -4ede-856e-bb43bb0f6071 Microsoft Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=a594ee0d-ec8f -47df-9125-89d0bbf2115d Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP (KB972260) http://www.microsoft.com/downloads/details.aspx?FamilyID=c874c8f8-0449 -42b1-8d8b-901040069568 Microsoft Cumulative Security Update for Internet Explorer 7 for Windows XP x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=113cc76a-c434 -42ff-b594-4834989ad5ba Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=92e3af41-71b0 -4a28-afc7-123733180ead Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems http://www.microsoft.com/downloads/details.aspx?familyid=470387ac-6d75 -4b7e-8ca5-376b67a8bd4d Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Server 2008 x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=1958ec40-3b7b -43a9-9fdc-742735dcf516 Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=d3be9a13-1a5b -4b74-9649-449df923f573 Microsoft Cumulative Security Update for Internet Explorer 7 in Windows Vista x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=2b23cd74-6cf1 -413b-82a7-b602347e3ce6 Microsoft Internet Explorer 8 Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=f4ae65a7-142f -4953-a542-315dac2ac606 Microsoft Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=3bc0e17b-898b -4f29-aa29-607527e1c1cd Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=0acc8aaa-0ae1 -412a-9f2b-dc7c707cae00 Microsoft Cumulative Security Update for Internet Explorer 8 for Windows XP x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=29c8d9e6-2cb8 -42b6-b0a6-2510fdb49eab Microsoft Cumulative Security Update for Internet Explorer 8 in Windows 2008 R2 Release Candidate for Itanium- http://www.microsoft.com/downloads/details.aspx?familyid=d223766f-2728 -451d-98dd-c250ca52a76f Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=30f99bda-9107 -4969-90af-2a30e12acdae Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Server 2008 x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=acd3667b-6676 -4010-b23b-e8372dd55f93 Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=b05a19f7-7412 -4c2b-ad11-34396e54ca43 Microsoft Cumulative Security Update for Internet Explorer 8 in Windows Vista x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=900e9a05-2f71 -42de-b603-47e4ac061bcb Microsoft Internet Explorer 6.0 Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=44852619-58ad -48f2-bc55-e8e1c72b1ba9 Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB9 http://www.microsoft.com/downloads/details.aspx?familyid=cdb70acf-77c3 -40a4-b6a3-0fbc0fc0d7fc Microsoft Cumulative Security Update for Internet Explorer for Windows Server 2003 x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=bd7f36c6-c5c5 -4f19-ab59-39f1aaba7fe2 Microsoft Cumulative Security Update for Internet Explorer for Windows XP (KB972260) http://www.microsoft.com/downloads/details.aspx?FamilyID=22bed634-5227 -4a22-8df5-801f3e2e232a Microsoft Cumulative Security Update for Internet Explorer for Windows XP x64 Edition (KB972260) http://www.microsoft.com/downloads/details.aspx?familyid=35ab0c5e-df3d -4873-8139-d1d98b3ac350 |
id | SSV:11917 |
last seen | 2017-11-19 |
modified | 2009-07-29 |
published | 2009-07-29 |
reporter | Root |
title | Microsoft Internet Explorer (CVE-2009-1917)内存破坏远程代码执行漏洞(MS09-034) |
References
- http://www.securitytracker.com/id?1022611
- http://www.securityfocus.com/bid/35831
- http://www.vupen.com/english/advisories/2009/2033
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6072
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034