CVE-2009-1140

high

Microsoft

CVSS v3 Base Score

7.1

AV:N/AC:M/Au:N/C:C/I:N/A:N

EPSS Score

61.3%

Exploitation probability in 30 days

Top 2% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

None

Availability

None

Published: June 10, 2009 (6182 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."

CWE

CWE-200

Affected Products

microsoft internet explorer

References

🔗 www.securitytracker.com 🔗 www.us-cert.gov 🔗 www.vupen.com 🔗 docs.microsoft.com 🔗 oval.cisecurity.org

CVE-2009-1140

Vulnerability Report

Description

CWE

Affected Products

References