Lucene search

MitreCVE-2009-1705

HistoryJun 10, 2009 - 6:00 p.m.

CVE-2009-1705

2009-06-1018:00:00

CWE-189

mitre

web.nvd.nist.gov

coregraphics

apple safari

windows

arbitrary code execution

denial of service

font data

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.028

Percentile

90.8%

JSON

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

Affected configurations

Nvd

Node

applesafariRange≤3.2.3-windows

applesafariMatch3.0-windows

applesafariMatch3.0.1-windows

applesafariMatch3.0.2-windows

applesafariMatch3.0.3-windows

applesafariMatch3.0.4-windows

applesafariMatch3.1-windows

applesafariMatch3.1.1-windows

applesafariMatch3.1.2-windows

applesafariMatch3.2-windows

applesafariMatch3.2.1-windows

applesafariMatch3.2.2-windows

VendorProductVersionCPE
applesafari*cpe:2.3:a:apple:safari:*:-:windows:*:*:*:*:*
applesafari3.0cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*
applesafari3.0.1cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*
applesafari3.0.2cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*
applesafari3.0.3cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*
applesafari3.0.4cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*
applesafari3.1cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*
applesafari3.1.1cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*
applesafari3.1.2cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*
applesafari3.2cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	*	cpe:2.3:a:apple:safari::-:windows:::::
apple	safari	3.0	cpe:2.3:a:apple:safari:3.0:-:windows:::::*
apple	safari	3.0.1	cpe:2.3:a:apple:safari:3.0.1:-:windows:::::*
apple	safari	3.0.2	cpe:2.3:a:apple:safari:3.0.2:-:windows:::::*
apple	safari	3.0.3	cpe:2.3:a:apple:safari:3.0.3:-:windows:::::*
apple	safari	3.0.4	cpe:2.3:a:apple:safari:3.0.4:-:windows:::::*
apple	safari	3.1	cpe:2.3:a:apple:safari:3.1:-:windows:::::*
apple	safari	3.1.1	cpe:2.3:a:apple:safari:3.1.1:-:windows:::::*
apple	safari	3.1.2	cpe:2.3:a:apple:safari:3.1.2:-:windows:::::*
apple	safari	3.2	cpe:2.3:a:apple:safari:3.2:-:windows:::::*

Rows per page:

1-10 of 121

References

lists.apple.com/archives/security-announce/2009/jun/msg00002.html

osvdb.org/54974

secunia.com/advisories/35379

support.apple.com/kb/HT3613

www.securityfocus.com/bid/35260

www.securityfocus.com/bid/35308

www.vupen.com/english/advisories/2009/1522

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.028

Percentile

90.8%

JSON

Related for CVE-2009-1705