First published: Wed Apr 15 2009(Updated: )
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Internet Explorer | =6 | |
Any of | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 | |
All of | ||
Internet Explorer | =7 | |
Any of | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Vista | ||
Microsoft Windows Vista | ||
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =gold | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 | |
All of | ||
Internet Explorer | =6-sp1 | |
Microsoft Windows 2000 | =sp4 | |
Internet Explorer | =6 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp1 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows XP | =sp3 | |
Internet Explorer | =7 | |
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Vista | ||
Microsoft Windows Vista | ||
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =sp1 | |
Microsoft Windows Vista | =gold | |
Microsoft Windows XP | ||
Microsoft Windows XP | =sp2 | |
Internet Explorer | =6-sp1 | |
Microsoft Windows 2000 | =sp4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-0551 has a moderate severity rating, which indicates that exploitation could lead to information disclosure or unauthorized access.
To address CVE-2009-0551, upgrade to a newer version of Microsoft Internet Explorer that is not affected by this vulnerability.
CVE-2009-0551 affects Microsoft Internet Explorer 6 and 7 on various Windows platforms including XP, Server 2003, Vista, and Server 2008.
Yes, CVE-2009-0551 is remotely exploitable, which means attackers can potentially exploit it without physical access to the vulnerable system.
CVE-2009-0551 primarily affects Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, and Windows Vista, among others.