CVE-2009-2064

Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:internet_explorer:*:beta2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8:beta1:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_explorer:8.0b:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:1.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:1.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:2002:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:pocket_ie:2003:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-06-15 19:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2064

Mitre link : CVE-2009-2064

CVE.ORG link : CVE-2009-2064


JSON object : View

Products Affected

microsoft

  • internet_explorer
  • pocket_ie
CWE
CWE-287

Improper Authentication