What is the severity of CVE-2009-2954?

CVE-2009-2954 has a severity rating that indicates it can cause denial of service, specifically CPU consumption and application hang.

How do I fix CVE-2009-2954?

To mitigate CVE-2009-2954, it is recommended to update the Internet Explorer software to a version that is not affected.

Which versions of Microsoft Internet Explorer are affected by CVE-2009-2954?

CVE-2009-2954 affects Microsoft Internet Explorer versions 5 and 6.0.2900.2180 and earlier.

What type of attack does CVE-2009-2954 enable?

CVE-2009-2954 enables remote attackers to exploit the vulnerability by causing CPU consumption and application hang.

Can CVE-2009-2954 be exploited by local users?

CVE-2009-2954 is primarily a remote attack vector, indicating it is intended for exploitation by remote attackers rather than local users.

Vulnerability/
CVE-2009-2954

medium

CWE

24/8/2009

7/8/2024

CVE-2009-2954: Input Validation

First published: Mon Aug 24 2009(Updated: )

Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Internet Explorer	=5
Internet Explorer	<=6.0.2900.2180
Internet Explorer	=5.01-sp4
Internet Explorer	=6
Internet Explorer	=5.01
Internet Explorer	=5.01-sp3
Internet Explorer	=5.5-sp2
Internet Explorer	=3.0.1
Internet Explorer	=3.0.2
Internet Explorer	=3.0
Internet Explorer	=3.1
Internet Explorer	=3.2
Internet Explorer	=4.0
Internet Explorer	=4.0.1
Internet Explorer	=4.0.1-sp2
Internet Explorer	=4.0.1-sp1
Internet Explorer	=4.01
Internet Explorer	=4.01-sp1
Internet Explorer	=4.1
Internet Explorer	=4.5
Internet Explorer	=4.40.308
Internet Explorer	=4.40.520
Internet Explorer	=4.70.1155
Internet Explorer	=4.70.1158
Internet Explorer	=4.70.1215
Internet Explorer	=4.70.1300
Internet Explorer	=4.72.3612.1713
Internet Explorer	=4.71.544
Internet Explorer	=4.71.1008.3
Internet Explorer	=4.71.1712.6
Internet Explorer	=4.72.2106.8
Internet Explorer	=4.72.3110.8
Internet Explorer	=5.0
Internet Explorer	=5.0.1
Internet Explorer	=5.0.1-sp2
Internet Explorer	=5.0.1-sp3
Internet Explorer	=5.0.1-sp4
Internet Explorer	=5.0.1-sp1
Internet Explorer	=5.00.0518.10
Internet Explorer	=5.00.0910.1309
Internet Explorer	=5.00.2014.0216
Internet Explorer	=5.00.2314.1003
Internet Explorer	=5.00.2614.3500
Internet Explorer	=5.00.2516.1900
Internet Explorer	=5.00.2919.800
Internet Explorer	=5.00.2919.3800
Internet Explorer	=5.00.2919.6307
Internet Explorer	=5.00.2920.0000
Internet Explorer	=5.00.3103.1000
Internet Explorer	=5.00.3105.0106
Internet Explorer	=5.00.3314.2101
Internet Explorer	=5.00.3315.1000
Internet Explorer	=5.00.3502.1000
Internet Explorer	=5.00.3700.1000
Internet Explorer	=5.50.3825.1300
Internet Explorer	=5.50.4030.2400
Internet Explorer	=5.50.4134.0100
Internet Explorer	=5.50.4134.0600
Internet Explorer	=5.50.4308.2900
Internet Explorer	=5.50.4522.1800
Internet Explorer	=5.50.4807.2300
Internet Explorer	=5.5
Internet Explorer	=5.01-sp1
Internet Explorer	=5.01-sp2
Internet Explorer	=5.1
Internet Explorer	=5.2.3
Internet Explorer	=5.5-preview
Internet Explorer	=5.5-sp1
Internet Explorer	=6.0.2600
Internet Explorer	=6.00.2462.0000
Internet Explorer	=6.00.2479.0006
Internet Explorer	=6.0
Internet Explorer	=6.0.2800
Internet Explorer	=6.0.2800.1106
Internet Explorer	=6.0.2900
Internet Explorer	=6.00.2600.0000

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2954?
CVE-2009-2954 has a severity rating that indicates it can cause denial of service, specifically CPU consumption and application hang.
How do I fix CVE-2009-2954?
To mitigate CVE-2009-2954, it is recommended to update the Internet Explorer software to a version that is not affected.
Which versions of Microsoft Internet Explorer are affected by CVE-2009-2954?
CVE-2009-2954 affects Microsoft Internet Explorer versions 5 and 6.0.2900.2180 and earlier.
What type of attack does CVE-2009-2954 enable?
CVE-2009-2954 enables remote attackers to exploit the vulnerability by causing CPU consumption and application hang.
Can CVE-2009-2954 be exploited by local users?
CVE-2009-2954 is primarily a remote attack vector, indicating it is intended for exploitation by remote attackers rather than local users.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/last-modified-date
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/internet explorer
version/internet explorer/5
version/internet explorer/6.0.2900.2180
version/internet explorer/5.01-sp4
version/internet explorer/6
version/internet explorer/5.01
version/internet explorer/5.01-sp3
version/internet explorer/5.5-sp2
version/internet explorer/3.0.1
version/internet explorer/3.0.2
version/internet explorer/3.0
version/internet explorer/3.1
version/internet explorer/3.2
version/internet explorer/4.0
version/internet explorer/4.0.1
version/internet explorer/4.0.1-sp2
version/internet explorer/4.0.1-sp1
version/internet explorer/4.01
version/internet explorer/4.01-sp1
version/internet explorer/4.1
version/internet explorer/4.5
version/internet explorer/4.40.308
version/internet explorer/4.40.520
version/internet explorer/4.70.1155
version/internet explorer/4.70.1158
version/internet explorer/4.70.1215
version/internet explorer/4.70.1300
version/internet explorer/4.72.3612.1713
version/internet explorer/4.71.544
version/internet explorer/4.71.1008.3
version/internet explorer/4.71.1712.6
version/internet explorer/4.72.2106.8
version/internet explorer/4.72.3110.8
version/internet explorer/5.0
version/internet explorer/5.0.1
version/internet explorer/5.0.1-sp2
version/internet explorer/5.0.1-sp3
version/internet explorer/5.0.1-sp4
version/internet explorer/5.0.1-sp1
version/internet explorer/5.00.0518.10
version/internet explorer/5.00.0910.1309
version/internet explorer/5.00.2014.0216
version/internet explorer/5.00.2314.1003
version/internet explorer/5.00.2614.3500
version/internet explorer/5.00.2516.1900
version/internet explorer/5.00.2919.800
version/internet explorer/5.00.2919.3800
version/internet explorer/5.00.2919.6307
version/internet explorer/5.00.2920.0000
version/internet explorer/5.00.3103.1000
version/internet explorer/5.00.3105.0106
version/internet explorer/5.00.3314.2101
version/internet explorer/5.00.3315.1000
version/internet explorer/5.00.3502.1000
version/internet explorer/5.00.3700.1000
version/internet explorer/5.50.3825.1300
version/internet explorer/5.50.4030.2400
version/internet explorer/5.50.4134.0100
version/internet explorer/5.50.4134.0600
version/internet explorer/5.50.4308.2900
version/internet explorer/5.50.4522.1800
version/internet explorer/5.50.4807.2300
version/internet explorer/5.5
version/internet explorer/5.01-sp1
version/internet explorer/5.01-sp2
version/internet explorer/5.1
version/internet explorer/5.2.3
version/internet explorer/5.5-preview
version/internet explorer/5.5-sp1
version/internet explorer/6.0.2600
version/internet explorer/6.00.2462.0000
version/internet explorer/6.00.2479.0006
version/internet explorer/6.0
version/internet explorer/6.0.2800
version/internet explorer/6.0.2800.1106
version/internet explorer/6.0.2900
version/internet explorer/6.00.2600.0000

CVE-2009-2954: Input Validation

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-2954?

How do I fix CVE-2009-2954?

Which versions of Microsoft Internet Explorer are affected by CVE-2009-2954?

What type of attack does CVE-2009-2954 enable?

Can CVE-2009-2954 be exploited by local users?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-2954?

How do I fix CVE-2009-2954?

Which versions of Microsoft Internet Explorer are affected by CVE-2009-2954?

What type of attack does CVE-2009-2954 enable?

Can CVE-2009-2954 be exploited by local users?