Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1705

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-1705
Last Modified 13 Jun 2009 01:33:27
Published 10 Jun 2009 02:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1705

Summary

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Vulnerable Systems

Application

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4

  • Apple Safari 3.1

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2

  • Apple Safari 3.2.1

  • Apple Safari 3.2.2

  • Apple Safari 3.2.3


References

VUPEN - ADV-2009-1522

BID - 35260

CONFIRM - http://support.apple.com/kb/HT3613

APPLE - APPLE-SA-2009-06-08-1

BID - 35308

SECUNIA - 35379

OSVDB - 54974


Last Updated: 27 May 2016 10:50:38