Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-2419
Last Modified: 17 Feb 2011 01:45:00
Published: 09 Jul 2009 12:30:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2419

Summary

Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Apple Safari 4.0

  • Apple Safari 4.0.1


References

XF - safari-servependingrequests-dos(51533)

VUPEN - ADV-2011-0212

BID - 35555

OSVDB - 55587

CONFIRM - http://trac.webkit.org/changeset/44519

SECUNIA - 43068

SECUNIA - 33495

MISC - http://marcell-dietl.de/index/adv_safari_4_x_js_reload_dos.php

SUSE - SUSE-SR:2011:002


Last Updated: 27 May 2016 10:50:53