Oval Definition:oval:org.mitre.oval:def:5524
Revision Date:2014-08-18Version:48
Title:HTML Objects Memory Corruption Vulnerability
Description:Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 do not properly handle table operations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption by adding malformed elements to an empty DIV element, related to the getElementsByTagName method, aka "HTML Objects Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-1918
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Internet Explorer 5.01 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND Microsoft Internet Explorer 5.01 SP4 is installed
  • AND Mshtml.dll version is less than 5.0.3879.2200
  • OR Internet Explorer 6 on Windows 2000
  • Microsoft Windows 2000 is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.2800.1634
  • OR Internet Explorer 6 on Windows XP x86
  • Microsoft Windows XP (32-bit) is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.2900.3603
  • OR Internet Explorer 6 on Windows XP x86
  • Microsoft Windows XP (32-bit) is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.2900.5848
  • OR Internet Explorer 6 on all Windows XP x64, Server 2003 x86,x64,ia64
  • XP x64/server 2003 x86/x64/ia64
  • Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND Microsoft Internet Explorer 6 is installed
  • AND Mshtml.dll version is less than 6.0.3790.4555
  • OR Internet Explorer 7 on all Windows XP x86, x64
  • XP x86/x64
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND GDR or QFE Service branch
  • Mshtml.dll version is less than 7.0.6000.16890
  • OR QFE
  • Mshtml.dll version is greater than 7.0.6000.20000
  • AND Mshtml.dll version is less than 7.0.6000.21089
  • OR Internet Explorer 7 on all Windows Server 2003 x86/x64/ia64
  • Server 2003 x86/x64/ia64
  • Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • OR Microsoft Windows Server 2003 (ia64) Gold is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND GDR or QFE Service branch
  • Mshtml.dll version is less than 7.0.6000.16890
  • OR QFE
  • Mshtml.dll version is greater than 7.0.6000.20000
  • AND Mshtml.dll version is less than 7.0.6000.21089
  • OR Internet Explorer 7 on all Windows Vista x86/x64
  • Vista x86/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND GDR or LDR Service branch
  • Mshtml.dll version is less than 7.0.6000.16890
  • OR LDR
  • Mshtml.dll version is greater than 7.0.6000.20000
  • AND Mshtml.dll version is less than 7.0.6000.21089
  • OR Internet Explorer 7 on all Windows Vista x86/x64, all Server 2008 x86/x64/ia64
  • Vista x86/x64, Server 2008 x86/x64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND GDR or LDR Service branch
  • Mshtml.dll version is less than 7.0.6001.18294
  • OR LDR
  • Mshtml.dll version is greater than 7.0.6001.20000
  • AND Mshtml.dll version is less than 7.0.6001.22475
  • OR Internet Explorer 7 on all Windows Vista x86/x64, Server 2008 x86/64/ia64
  • Vista x86/x64, Server 2008 x86/64/ia64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (ia-64) is installed
  • AND Microsoft Internet Explorer 7 is installed
  • AND GDR or LDR Service branch
  • Mshtml.dll version is less than 7.0.6002.18071
  • OR LDR
  • Mshtml.dll version is greater than 7.0.6002.22000
  • AND Mshtml.dll version is less than 7.0.6002.22180
  • OR Internet Explorer 8 on all Windows XP x86/x64, Server 2003 x86/x64
  • XP x86/x64, Server 2003 x86/x64
  • Microsoft Windows XP (32-bit) is installed
  • OR Microsoft Windows XP x64 is installed
  • OR Microsoft Windows Server 2003 (32-bit) is installed
  • OR Microsoft Windows Server 2003 (x64) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND GDR or LDR Service branch
  • Mshtml.dll version is less than 8.0.6001.18812
  • OR LDR
  • Mshtml.dll version is greater than 8.0.6001.22000
  • AND Mshtml.dll version is less than 8.0.6001.22902
  • OR Internet Explorer 8 on all Vista x86/x64, Server 2008 x86/x64
  • Vista x86/x64, Server 2008 x86/x64
  • Microsoft Windows Vista (32-bit) is installed
  • OR Microsoft Windows Vista x64 Edition is installed
  • OR Microsoft Windows Server 2008 (32-bit) is installed
  • OR Microsoft Windows Server 2008 (64-bit) is installed
  • AND Microsoft Internet Explorer 8 is installed
  • AND GDR or LDR Service branch
  • Mshtml.dll version is less than 8.0.6001.18813
  • OR LDR
  • Mshtml.dll version is greater than 8.0.6001.22000
  • AND Mshtml.dll version is less than 8.0.6001.22903
    • BACK