CVE-2009-2519
Description
The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers system state corruption, aka DHTML Editing Component ActiveX Control Vulnerability.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
37.668
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ms09-046: vulnerability in the dhtml editing component activex control could allow remote code execution for Windows 2000 (KB956844) | Windows |
| ms09-046: vulnerability in the dhtml editing component activex control could allow remote code execution for Windows XP (KB956844) | Windows |
| ms09-046: vulnerability in the dhtml editing component activex control could allow remote code execution for Windows Server 2003 (KB956844) | Windows |
| ms09-046: vulnerability in the dhtml editing component activex control could allow remote code execution for Windows XP x64 Edition (KB956844) | Windows |
| ms09-046: vulnerability in the dhtml editing component activex control could allow remote code execution for Windows Server 2003 x64 Edition (KB956844) | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234