CVE-2009-1705 - OpenCVE

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Safari

Configuration 1 [-]

OR	cpe:2.3:a:apple:safari::-:windows:::::
	cpe:2.3:a:apple:safari:3.0:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.3:-:windows:::::*
	cpe:2.3:a:apple:safari:3.0.4:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.1.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.1:-:windows:::::*
	cpe:2.3:a:apple:safari:3.2.2:-:windows:::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://osvdb.org/54974
http://secunia.com/advisories/35379	Vendor Advisory
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://www.securityfocus.com/bid/35260	Exploit Patch
http://www.securityfocus.com/bid/35308
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-10T17:37:00

Updated: 2009-06-13T09:00:00

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1705

JSON object: View

NVD Information

Status : Modified

Published: 2009-06-10T18:00:00.657

Modified: 2009-06-13T05:33:27.577

Link: CVE-2009-1705

JSON object: View

Redhat Information

No data.

CWE

CWE-189

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-06-08T00:00:00", "descriptions": [{"lang": "en", "value": "CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2009-06-13T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35308", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35308"}, {"name": "APPLE-SA-2009-06-08-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "35260", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35260"}, {"name": "ADV-2009-1522", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "35379", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35379"}, {"name": "54974", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54974"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3613"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-1705", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35308", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35308"}, {"name": "APPLE-SA-2009-06-08-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"name": "35260", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35260"}, {"name": "ADV-2009-1522", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1522"}, {"name": "35379", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35379"}, {"name": "54974", "refsource": "OSVDB", "url": "http://osvdb.org/54974"}, {"name": "http://support.apple.com/kb/HT3613", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3613"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1705", "datePublished": "2009-06-10T17:37:00", "dateReserved": "2009-05-20T00:00:00", "dateUpdated": "2009-06-13T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*", "matchCriteriaId": "7E203D81-FABE-4A63-8930-1DA15A86E113", "versionEndIncluding": "3.2.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*", "matchCriteriaId": "49875E29-AA30-4D96-9ED9-538823DD5E1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*", "matchCriteriaId": "D6C733F3-F5D4-4CF1-866D-61FF9D81D1B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*", "matchCriteriaId": "C5471735-D9C0-491B-9A6A-07B39AA215CF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*", "matchCriteriaId": "1E5C52F3-2109-40FD-9945-A9A9D42C076E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*", "matchCriteriaId": "151DEB6D-5857-4B0B-8449-5735768024A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*", "matchCriteriaId": "AC7E7F65-8F3B-42F8-8B2D-9EA1CC4A4300", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*", "matchCriteriaId": "476EBE1F-66E1-4EF5-8344-BEDA97F306A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*", "matchCriteriaId": "480ED2AC-0DA4-44DA-A902-8534335077B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*", "matchCriteriaId": "77F31F4B-5305-4D75-9277-95EF99A969A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*", "matchCriteriaId": "C9AD216D-0C95-4843-A1A1-C3C9A6219277", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*", "matchCriteriaId": "04B8652D-BE06-49CB-A636-8B53B2DF9168", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data."}, {"lang": "es", "value": "CoreGraphics en Apple Safari anteriores a v4.0 en Windows no utiliza adecuadamente la aritm\u00e9tica durante la inicializaci\u00f3n autom\u00e1tica de las fuentes TrueType, lo que permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una fuente de datos manipulada."}], "id": "CVE-2009-1705", "lastModified": "2009-06-13T05:33:27.577", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-06-10T18:00:00.657", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/54974"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35379"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://support.apple.com/kb/HT3613"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "http://www.securityfocus.com/bid/35260"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/35308"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1522"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}