CVE-2009-2507

A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."

Published: Oct 14, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-2507
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	-	-
microsoft / windows_xp	-	-
microsoft / windows_xp	--sp2	--sp2.x
microsoft / windows_2000	-	-

http://www.us-cert.gov/cas/techalerts/TA09-286A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6042

Vulnerability Database

289,599

CVE-2009-2507