QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-3672

Back to search

CVE-2009-3672

Published: Dec 2, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.

VendorProductVersions

n/a

n/a

affected
n/a

References

20091120 IE7
mailing-list
x_refsource_BUGTRAQ
VU#515749
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:6381
vdb-entry
signature
x_refsource_OVAL
MS09-072
vendor-advisory
x_refsource_MS
TA09-342A
third-party-advisory
x_refsource_CERT
37085
vdb-entry
x_refsource_BID
ADV-2009-3301
vdb-entry
x_refsource_VUPEN
37448
third-party-advisory
x_refsource_SECUNIA
1023293
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now