CVE-2009-2064

medium

Microsoft

CVSS v3 Base Score

6.8

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Score

14.6%

Exploitation probability in 30 days

Top 6% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Confidentiality

Integrity

Availability

Published: June 15, 2009 (6177 days ago)

Last Modified: April 23, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."

CWE

CWE-287

Affected Products

microsoft internet explorermicrosoft pocket ie

References

🔗 research.microsoft.com 🔗 research.microsoft.com 🔗 www.securityfocus.com 🔗 exchange.xforce.ibmcloud.com 🔗 research.microsoft.com

CVE-2009-2064

Vulnerability Report

Description

CWE

Affected Products

References