CVE-2009-1704

Sažetak

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

Reference

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://osvdb.org/55010
http://secunia.com/advisories/35379
http://securitytracker.com/id?1022343
http://support.apple.com/kb/HT3613
http://www.securityfocus.com/bid/35260
http://www.securityfocus.com/bid/35344
http://www.vupen.com/english/advisories/2009/1522

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

19-06-2009 - 05:32

Objavljeno

10-06-2009 - 18:00