CyberSec.Space Logo
Back to CVE Browser

CVE-2009-1920

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile8.54th
PublishedSep 8, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 2000

All versions
πŸ’»
Microsoft

Windows Server 2003

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Server 2008

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Vista

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions
πŸ’»
Microsoft

Windows Xp

All versions

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-251A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316
πŸ”— http://www.us-cert.gov/cas/techalerts/TA09-251A.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316

Related Vulnerabilities

CVE-2000-103410.0

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a ...

CVE-2001-014710.0

Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is ...

CVE-2000-022210.0

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote ...

CVE-2001-024110.0

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long pr...