CVE-2009-1918: Code Injection
First published: Wed Jul 29 2009(Updated: )
Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Internet Explorer | =6 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| All of | ||
| Internet Explorer | =7 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | ||
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| All of | ||
| Any of | ||
| Internet Explorer | =5.01-sp4 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Windows 2000 | =sp4 | |
| All of | ||
| Internet Explorer | =8 | |
| Any of | ||
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Internet Explorer | =6 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Internet Explorer | =7 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows Vista | ||
| Internet Explorer | =5.01-sp4 | |
| Internet Explorer | =6-sp1 | |
| Microsoft Windows 2000 | =sp4 | |
| Internet Explorer | =8 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | =sp2 | |
| Microsoft Windows Server 2008 Itanium | ||
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/2033
- http://www.securitytracker.com/id?1022611
- http://www.securityfocus.com/bid/35826
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=953693
- http://www.zerodayinitiative.com/advisories/ZDI-09-047
- http://www.us-cert.gov/cas/techalerts/TA09-195A.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5524
- http://www.securityfocus.com/archive/1/505523/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-034
Frequently Asked Questions
What is the severity of CVE-2009-1918?
CVE-2009-1918 is rated as important due to its potential for exploitation through untrusted web content.
How do I fix CVE-2009-1918?
To mitigate CVE-2009-1918, users should update Internet Explorer to the latest version or apply the available security updates from Microsoft.
What versions of Internet Explorer are affected by CVE-2009-1918?
CVE-2009-1918 affects Internet Explorer versions 5.01 SP4, 6 SP1, 7, and 8.
Can CVE-2009-1918 be exploited remotely?
Yes, CVE-2009-1918 can be exploited remotely through malicious web pages that execute harmful scripts.
Is there a workaround for CVE-2009-1918?
Disabling scripting in Internet Explorer can serve as a temporary workaround to prevent exploitation of CVE-2009-1918.
- collector/nvd-historical
- agent/event
- agent/author
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/description
- agent/severity
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/internet explorer
- version/internet explorer/6
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- version/internet explorer/7
- canonical/microsoft windows server 2008 itanium
- version/microsoft windows server 2008 itanium/sp2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- version/internet explorer/5.01-sp4
- version/internet explorer/6-sp1
- canonical/microsoft windows 2000
- version/microsoft windows 2000/sp4
- version/internet explorer/8