CVE-2009-1701

Published: Jun 10, 2009Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Affected (48)

Products: Apple: Safari, Iphone Os, Ipod Touch

3 products

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.2.2
Apple Safari	Version 2.0.0
Apple Safari	Version 2.0.1
Apple Safari	Version 2.0.2
Apple Safari	Version 2.0.3
Apple Safari	Version 2.0.3 417.8
Apple Safari	Version 2.0.3 417.9.2
Apple Safari	Version 2.0.3 417.9.3
Apple Safari	Version 2.0.3 417.9
Apple Safari	Version 2.0.4
Apple Safari	Version 2.0
Apple Safari	Version 3.0.0
Apple Safari	Version 3.0.0b
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.1 beta
Apple Safari	Version 3.0.1b
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.2b
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.3b
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0.4b
Apple Safari	Version 3.0
Apple Safari	Version 3.1.0
Apple Safari	Version 3.1.0b
Apple Safari	Version 3.1.1
Apple Safari	Version 3.1.2
Apple Safari	Version 3.2.0
Apple Safari	Version 3.2.1

Configuration B

19 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.0
Apple Iphone Os	Version 2.1.1
Apple Iphone Os	Version 2.1
Apple Iphone Os	Version 2.2.1
Apple Iphone Os	Version 2.2
Apple Iphone Os	All versions
Apple Ipod Touch	All versions

Related CWEs

References (32)

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: cve@mitre.org

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: cve@mitre.org

http://osvdb.org/55008

Source: cve@mitre.org

http://secunia.com/advisories/35379

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/43068

Source: cve@mitre.org

http://securitytracker.com/id?1022345

Source: cve@mitre.org

Patch

http://support.apple.com/kb/HT3613

Source: cve@mitre.org

PatchVendor Advisory

http://support.apple.com/kb/HT3639

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/504172/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/35260

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/35325

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2009/1522

Source: cve@mitre.org

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1621

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2011/0212

Source: cve@mitre.org

http://www.zerodayinitiative.com/advisories/ZDI-09-033/

Source: cve@mitre.org

Patch

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/55008

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35379

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1022345

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://support.apple.com/kb/HT3613

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://support.apple.com/kb/HT3639

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/504172/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/35260

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/35325

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2009/1522

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.vupen.com/english/advisories/2009/1621

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-09-033/

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

Timeline

No history available yet.