Vulnerability Name: | CVE-2009-2519 (CCN-52102)
Assigned: | 2009-09-08
Published: | 2009-09-08
Updated: | 2019-02-26
Summary: | The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-94
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2009-2519
Source: CCN Type: SA36592 Microsoft Windows DHTML Editing ActiveX Control Vulnerability
Source: SECUNIA Type: UNKNOWN 36592
Source: CCN Type: SECTRACK ID: 1022843 Microsoft DHTML Editing Component ActiveX Control Lets Remote Users Execute Arbitrary Code
Source: CCN Type: Microsoft Security Bulletin MS09-046 Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)
Source: BID Type: UNKNOWN 36280
Source: CCN Type: BID-36280 Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability
Source: SECTRACK Type: UNKNOWN 1022843
Source: CERT Type: US Government Resource TA09-251A
Source: MS Type: UNKNOWN MS09-046
Source: XF Type: UNKNOWN win-dhtml-activex-code-execution(52102)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:6271
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: Denotes that component is vulnerable