Vulnerabilities > CVE-2009-3267 - Resource Management Errors vulnerability in Microsoft IE

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

CWE-399

NVD

Published: 2009-09-18

Updated: 2018-10-11

Summary

Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft IE 6.0 Microsoft IE 6.00.2462.0000 Microsoft IE 6.00.2479.0006 Microsoft IE 6.0.2600 Microsoft IE 6.00.2600.0000 Microsoft IE 6.0.2800 Microsoft IE 6.0.2800.1106 Microsoft IE 6.00.2800.1106 Microsoft IE 6.0.2900 Microsoft IE 6.0.2900.2180 Microsoft IE 6.00.2900.2180 Microsoft IE 6.00.3663.0000 Microsoft IE 6.00.3718.0000 Microsoft IE 6.00.3790.0000 Microsoft IE 6.00.3790.1830 Microsoft IE 6.00.3790.3959 Microsoft IE 7.0 Microsoft IE 7.0.5730 Microsoft IE 7.0.5730.11 Microsoft IE 7.00.5730.1100 Microsoft IE 7.00.6000.16386 Microsoft IE 7.00.6000.16441 Microsoft IE 7.0.6000.16711	23

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

Oval

accepted

2014-03-17T04:00:21.242-04:00

class

vulnerability

contributors

name Prabhu.S.A
organization SecPod Technologies
name Maria Kedovskaya
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Windows XP (x86) SP2 is installed
oval oval:org.mitre.oval:def:754
comment Microsoft Windows XP (x86) SP3 is installed
oval oval:org.mitre.oval:def:5631
comment Microsoft Windows Vista (32-bit) is installed
oval oval:org.mitre.oval:def:1282
comment Microsoft Windows Vista (32-bit) Service Pack 1 is installed
oval oval:org.mitre.oval:def:4873
comment Microsoft Windows Server 2003 SP1 (x86) is installed
oval oval:org.mitre.oval:def:565
comment Microsoft Windows Server 2003 SP2 (x86) is installed
oval oval:org.mitre.oval:def:1935
comment Microsoft Windows 2000 is installed
oval oval:org.mitre.oval:def:85

description

family

windows

oval:org.mitre.oval:def:5519

status

accepted

submitted

2009-09-23T15:11:12

title

Microsoft Internet Explorer 6 and Internet Explorer 7 KEYGEN element vulnerability

version

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Oval

References