CVE-2009-0551
high-risk
Published 2009-04-15
Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
Do I need to act?
!
52.3% chance of exploitation in next 30 days
EPSS score — higher than 48% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.1/10
High
NETWORK
/ HIGH complexity
Affected Products (3)
Affected Vendors
References (18)
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
US Government Resource
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
51
/ 100
high-risk
Severity
24/34 · High
Exploitability
18/34 · Moderate
Exposure
9/34 · Low