Unrated severityNVD Advisory· Published Jun 15, 2009· Updated Apr 23, 2026
CVE-2009-2064
CVE-2009-2064
Description
Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to "HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages."
Affected products
18cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:6:sp2:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7.0.5730:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8.0b:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:beta1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:*:beta2:*:*:*:*:*:*range: <=8
cpe:2.3:a:microsoft:pocket_ie:1.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:microsoft:pocket_ie:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:2002:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:pocket_ie:4.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4News mentions
0No linked articles in our index yet.