Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1713

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2009-1713
Last Modified 17 Feb 2011 01:43:42
Published 10 Jun 2009 02:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1713

Summary

The XSLT functionality in WebKit in Apple Safari before 4.0 does not properly implement the document function, which allows remote attackers to read (1) arbitrary local files and (2) files from different security zones via unspecified vectors.

Vulnerable Systems

Application

  • Apple Safari 0.8

  • Apple Safari 0.9

  • Apple Safari 1.0

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.2

  • Apple Safari 1.3

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2.0

  • Apple Safari 2.0.2

  • Apple Safari 2.0.4

  • Apple Safari 3.0

  • Apple Safari 3.0.1

  • Apple Safari 3.0.2

  • Apple Safari 3.0.3

  • Apple Safari 3.0.4

  • Apple Safari 3.1

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2

  • Apple Safari 3.2.1

  • Apple Safari 3.2.2

  • Apple Safari 3.2.3

  • Apple Safari 4.0 Beta


References

CONFIRM - http://support.apple.com/kb/HT3613

APPLE - APPLE-SA-2009-06-08-1

XF - safari-document-information-disclosure(51267)

VUPEN - ADV-2011-0212

VUPEN - ADV-2009-1522

UBUNTU - USN-857-1

BID - 35260

SECUNIA - 43068

SECUNIA - 35379

OSVDB - 54975

SUSE - SUSE-SR:2011:002

Related Patches

Apple 2009-06-08 Safari Update 4.0.1 (Leopard)

Apple 2009-06-08 Safari Update 4 (Tiger)


Last Updated: 27 May 2016 10:50:38