Test ID:	1.3.6.1.4.1.25623.1.0.900364
Category:	Windows : Microsoft Bulletins
Title:	Cumulative Security Update for Internet Explorer (969897)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS09-019.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-019. Vulnerability Insight: Multiple flaws are due to: - Scripts may persist across navigations and let a malicious site interact with a site in an arbitrary external domain. - When application fails to properly enforce the same-origin policy. - In the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. - Error in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. - Error in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted by specially crafted Web page. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes into the context of the affected system, as a result in view, change, or delete data and can cause denial of service to legitimate users. Affected Software/OS: Microsoft Internet Explorer version 5.x/6.x/7.x/8.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3091 BugTraq ID: 24283 http://www.securityfocus.com/bid/24283 Bugtraq: 20070604 Assorted browser vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/470446/100/0/threaded Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html CERT/CC vulnerability note: VU#471361 http://www.kb.cert.org/vuls/id/471361 http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html http://lcamtuf.coredump.cx/ierace/ Microsoft Security Bulletin: MS09-019 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019 http://osvdb.org/38497 http://osvdb.org/54944 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6041 http://securitytracker.com/id?1018192 http://secunia.com/advisories/25564 http://securityreason.com/securityalert/2781 http://www.vupen.com/english/advisories/2007/2064 http://www.vupen.com/english/advisories/2009/1538 XForce ISS Database: ie-pageupdate-security-bypass(34696) https://exchange.xforce.ibmcloud.com/vulnerabilities/34696 Common Vulnerability Exposure (CVE) ID: CVE-2009-1140 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278 http://www.securitytracker.com/id?1022350 Common Vulnerability Exposure (CVE) ID: CVE-2009-1141 Bugtraq: 20090610 FortiGuard Advisory: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504207/100/0/threaded http://www.fortiguardcenter.com/advisory/FGA-2009-22.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5554 Common Vulnerability Exposure (CVE) ID: CVE-2009-1528 BugTraq ID: 35222 http://www.securityfocus.com/bid/35222 Bugtraq: 20090610 ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504206/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-037 http://osvdb.org/54947 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6260 Common Vulnerability Exposure (CVE) ID: CVE-2009-1529 BugTraq ID: 35223 http://www.securityfocus.com/bid/35223 Bugtraq: 20090610 ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504205/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-036 http://osvdb.org/54948 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6295 Common Vulnerability Exposure (CVE) ID: CVE-2009-1530 Bugtraq: 20090610 ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504209/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-038 http://osvdb.org/54949 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294 Common Vulnerability Exposure (CVE) ID: CVE-2009-1531 BugTraq ID: 35234 http://www.securityfocus.com/bid/35234 Bugtraq: 20090610 ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504216/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-039 http://osvdb.org/54950 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6308 Common Vulnerability Exposure (CVE) ID: CVE-2009-1532 Bugtraq: 20090610 ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504208/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-09-041 http://osvdb.org/54951 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6244
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.