CVE-2009-1701

Sažetak

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Reference

http://support.apple.com/kb/HT3613
http://securitytracker.com/id?1022345
http://www.vupen.com/english/advisories/2009/1522
http://www.zerodayinitiative.com/advisories/ZDI-09-033/
http://www.securityfocus.com/bid/35260
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://secunia.com/advisories/35379
http://www.securityfocus.com/bid/35325
http://osvdb.org/55008
http://support.apple.com/kb/HT3639
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://www.vupen.com/english/advisories/2009/1621
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://secunia.com/advisories/43068
http://www.securityfocus.com/archive/1/504172/100/0/threaded

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

09-08-2022 - 13:48

Objavljeno

10-06-2009 - 18:00