CVE-2009-0072

Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote attackers to cause a denial of service (application crash) via an onload=screen[""] attribute value in a BODY element.

Published: Jan 8, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0072
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_explorer	6-sp1	6-sp1.x
microsoft / internet_explorer	8-beta2	8-beta2.x
microsoft / internet_explorer	6-sp2	6-sp2.x
microsoft / internet_explorer	7	7.x
microsoft / internet_explorer	8-beta1	8-beta1.x
microsoft / internet_explorer	6	6.x

http://skypher.com/index.php/2009/01/07/msie-screen-null-ptr-dos-details/
http://www.securityfocus.com/bid/33149
https://exchange.xforce.ibmcloud.com/vulnerabilities/47788

Vulnerability Database

289,697

CVE-2009-0072