CVE-2009-0239

CVE Database · CVE-2009-0239

CVE-2009-0239

· N/AModified

CVSS v3.1

N/A

EPSS

32.55%

Published

Jun 10, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

Weaknesses (CWE)

CWE-79

Affected Products (5)

microsoft · windows_server_2003

microsoft · windows_xp

microsoft · windows_searchvulnerable

References (14)

http://osvdb.org/54935

http://secunia.com/advisories/35366

http://www.securitytracker.com/id?1022353

http://www.us-cert.gov/cas/techalerts/TA09-160A.html

US Government Resource