Cross-Site Scripting Vulnerability in Windows Search for Microsoft Windows
CVE-2009-0239

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Search
Vendor: CVE Published:; 10 June 2009

What is CVE-2009-0239?

A vulnerability exists in Windows Search 4.0 on specific versions of Microsoft Windows, which allows user-assisted remote attackers to inject malicious web scripts or HTML through specially crafted files. These files may appear in the preview pane of search results, leading to potential script execution. This security issue could be exploited to manipulate user sessions and gain unauthorized information.

References

http://www.vupen.com/english/advisories/2009/1542

vdb-entryx_refsource_VUPEN

http://osvdb.org/54935

vdb-entryx_refsource_OSVDB

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

38% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2009
Vulnerability Reserved
Jan 20, 2009