Lucene search

MitreCVE-2009-1698

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1698

2009-06-1018:00:00

CWE-94

mitre

web.nvd.nist.gov

cve-2009-1698

webkit

apple safari

iphone os

ipod touch

css

memory corruption

application crash

remote code execution

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.4

Confidence

High

EPSS

0.036

Percentile

91.8%

JSON

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected configurations

Nvd

Node

applesafariRange≤3.2.2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.4

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4b

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2.0

applesafariMatch3.2.1

Node

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

AND

appleiphone_os

Node

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

AND

appleipod_touch

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
applesafari2.0cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
applesafari2.0.0cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
applesafari2.0.1cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
applesafari2.0.2cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
applesafari2.0.3cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::::::::
apple	safari	2.0	cpe:2.3:a:apple:safari:2.0:::::::*
apple	safari	2.0.0	cpe:2.3:a:apple:safari:2.0.0:::::::*
apple	safari	2.0.1	cpe:2.3:a:apple:safari:2.0.1:::::::*
apple	safari	2.0.2	cpe:2.3:a:apple:safari:2.0.2:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:::::::*
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.8::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
apple	safari	2.0.3	cpe:2.3:a:apple:safari:2.0.3:417.9.3::::::