CVE-2009-0553 | Vulnerability Database | Aqua Security

Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka Uninitialized Memory Corruption Vulnerability.

Affected Software

Name	Vendor	Start Version	End Version
Internet_explorer	Microsoft	6 (including)	6 (including)

References

http://osvdb.org/53626
http://secunia.com/advisories/34678
http://skypher.com/index.php/2009/04/19/ms09-014-embed-element-memory-corruption/
http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm
http://www.securityfocus.com/bid/34424
http://www.securitytracker.com/id?1022042
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://www.vupen.com/english/advisories/2009/1028
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6069

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-0553
CWE	https://cwe.mitre.org/data/definitions/399.html