CVE-2009-4074

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the "response-changing mechanism" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka "XSS Filter Script Handling Vulnerability."

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf
http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/
http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/
http://www.securityfocus.com/bid/37135
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

Information

Published : 2009-11-25 10:30

Updated : 2021-07-23 08:12

NVD link : CVE-2009-4074

Mitre link : CVE-2009-4074

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

microsoft

internet_explorer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf", "name": "http://www.owasp.org/images/5/50/OWASP-Italy_Day_IV_Maone.pdf", "tags": [], "refsource": "MISC"}, {"url": "http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/", "name": "http://hackademix.net/2009/11/21/ies-xss-filter-creates-xss-vulnerabilities/", "tags": [], "refsource": "MISC"}, {"url": "http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/", "name": "http://www.theregister.co.uk/2009/11/20/internet_explorer_security_flaw/", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/37135", "name": "37135", "tags": [], "refsource": "BID"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7715", "name": "oval:org.mitre.oval:def:7715", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-002", "name": "MS10-002", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to leverage the \"response-changing mechanism\" to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, related to the details of output encoding and improper modification of an HTML attribute, aka \"XSS Filter Script Handling Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-4074", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-11-25T18:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-07-23T15:12Z"}