A vulnerability, which was classified as critical, was found in Microsoft Internet Explorer 5.01 SP4/6/6 SP1/7 (Web Browser). This affects an unknown code block of the component Cache. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

The issue has been introduced in 03/05/2008. The weakness was released 06/09/2009 by Jorge Luis Alvarez Medina with Core Security as MS09-019 as confirmed bulletin (Technet). The advisory is shared at microsoft.com. This vulnerability is uniquely identified as CVE-2009-1140 since 03/25/2009. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available. MITRE ATT&CK project uses the attack technique T1592 for this issue.

After immediately, there has been an exploit disclosed. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 461 days. During that time the estimated underground price was around $25k-$100k. The vulnerability scanner Nessus provides a plugin with the ID 39341 (MS09-019: Cumulative Security Update for Internet Explorer (969897)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows : Microsoft Bulletins. The commercial vulnerability scanner Qualys is able to test this issue with plugin 100073 (Microsoft Internet Explorer Cumulative Security Update (MS09-019)).

Upgrading eliminates this vulnerability. Applying the patch MS09-019 is able to eliminate this problem. The bugfix is ready for download at microsoft.com. The best possible mitigation is suggested to be upgrading to the latest version. Attack attempts may be identified with Snort ID 7070. In this case the pattern is used for detection. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 8217.

The vulnerability is also documented in the databases at X-Force (50776) and Tenable (39341). Further details are available at computerworld.com. Entries connected to this vulnerability are available at 3983, 3984, 3987 and 3985.

Productinfo

Type

• Web Browser

Vendor

• Microsoft

Name

• Internet Explorer

Version

• 5.01 SP4
• 6
• 6 SP1
• 7

License

• commercial

Support

• end of life

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info