WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Apple
  • Safari

Configuration 1 [-]

OR cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*
References
Link Resource
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html Patch Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/55015
http://secunia.com/advisories/35379 Vendor Advisory
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
http://securitytracker.com/id?1022345
http://support.apple.com/kb/HT3613 Patch Vendor Advisory
http://www.debian.org/security/2009/dsa-1950
http://www.securityfocus.com/bid/35260 Exploit Patch
http://www.securityfocus.com/bid/35310
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2011/0212
https://exchange.xforce.ibmcloud.com/vulnerabilities/51265
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-06-10T17:37:00

Updated: 2017-08-16T14:57:01

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1711

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2009-06-10T18:00:00.780

Modified: 2017-08-17T01:30:28.067

Link: CVE-2009-1711

JSON object: View

cve-icon Redhat Information

No data.

CWE