CVE-2009-1698

Published: Jun 10, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected (48)

Products: Apple: Safari, Iphone Os, Ipod Touch

3 products

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.2.2
Apple Safari	Version 2.0.0
Apple Safari	Version 2.0.1
Apple Safari	Version 2.0.2
Apple Safari	Version 2.0.3
Apple Safari	Version 2.0.3 417.8
Apple Safari	Version 2.0.3 417.9.2
Apple Safari	Version 2.0.3 417.9.3
Apple Safari	Version 2.0.3 417.9
Apple Safari	Version 2.0.4
Apple Safari	Version 2.0
Apple Safari	Version 3.0.0
Apple Safari	Version 3.0.0b
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.1 beta
Apple Safari	Version 3.0.1b
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.2b
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.3b
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0.4b
Apple Safari	Version 3.0
Apple Safari	Version 3.1.0
Apple Safari	Version 3.1.0b
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.2.0
Apple Safari	Version 3.2.1

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	All versions

Configuration C

15 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.0
Apple Iphone Os	Version 2.1.1
Apple Iphone Os	Version 2.1
Apple Iphone Os	Version 2.2.1
Apple Iphone Os	Version 2.2
Apple Ipod Touch	All versions

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (68)

http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://osvdb.org/55006

Source: cve@mitre.org

http://secunia.com/advisories/35379

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/35588

Source: cve@mitre.org

http://secunia.com/advisories/36057

Source: cve@mitre.org

http://secunia.com/advisories/36062

Source: cve@mitre.org

http://secunia.com/advisories/36790

Source: cve@mitre.org

http://secunia.com/advisories/37746

Source: cve@mitre.org

http://secunia.com/advisories/43068

Source: cve@mitre.org

http://securitytracker.com/id?1022345

Source: cve@mitre.org

Patch

http://support.apple.com/kb/HT3613

Source: cve@mitre.org

PatchVendor Advisory

http://support.apple.com/kb/HT3639

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1950

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:330

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2009-1128.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504173/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504295/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/35260

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/35318

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-822-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-836-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-857-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1522

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1621

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-09-032/

Source: cve@mitre.org

Patch

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

Source: cve@mitre.org

http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html