Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1687

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1687
Last Modified 17 Feb 2011 01:43:38
Published 10 Jun 2009 10:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1687

Summary

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.2

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4

  • Apple Safari 3.1

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2

  • Apple Safari 3.2.1

  • Apple Safari 3.2.2

  • Apple Safari 3.2.3

  • Apple Safari 4.0 Beta


References

VUPEN - ADV-2009-1522

SECTRACK - 1022345

FEDORA - FEDORA-2009-8020

FEDORA - FEDORA-2009-8046

FEDORA - FEDORA-2009-8049

FEDORA - FEDORA-2009-8039

VUPEN - ADV-2011-0212

VUPEN - ADV-2009-1621

UBUNTU - USN-857-1

UBUNTU - USN-836-1

UBUNTU - USN-822-1

BID - 35309

BID - 35260

MANDRIVA - MDVSA-2009:330

DEBIAN - DSA-1950

CONFIRM - http://support.apple.com/kb/HT3639

CONFIRM - http://support.apple.com/kb/HT3613

SECUNIA - 43068

SECUNIA - 37746

SECUNIA - 36790

SECUNIA - 36062

SECUNIA - 36057

SECUNIA - 35379

OSVDB - 54985

SUSE - SUSE-SR:2011:002

APPLE - APPLE-SA-2009-06-17-1

APPLE - APPLE-SA-2009-06-08-1

Related Patches

Novell SUSE 2010:7217 kdelibs3 security update for SLE 10 SP3 i586

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:50:38