Lucene search

[email protected]NVD:CVE-2009-2804

HistorySep 14, 2009 - 4:30 p.m.

CVE-2009-2804

2009-09-1416:30:00

CWE-189

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, and Safari before 4.0.4 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ColorSync profile embedded in an image, leading to a heap-based buffer overflow.

Affected configurations

NVD

Node

applemac_os_xMatch10.4.11

applemac_os_xMatch10.5.8

applemac_os_x_serverMatch10.4.11

applemac_os_x_serverMatch10.5.8

Node

applesafariRange≤4.0.3

applesafariMatch0.8

applesafariMatch0.9

applesafariMatch1.0

applesafariMatch1.0beta

applesafariMatch1.0beta2

applesafariMatch1.0.0

applesafariMatch1.0.0b1

applesafariMatch1.0.0b2

applesafariMatch1.0.1

applesafariMatch1.0.2

applesafariMatch1.0.3

applesafariMatch1.1.0

applesafariMatch1.1.1

applesafariMatch1.2

applesafariMatch1.2.0

applesafariMatch1.2.1

applesafariMatch1.2.2

applesafariMatch1.2.3

applesafariMatch1.2.4

applesafariMatch1.2.5

applesafariMatch1.3

applesafariMatch1.3.0

applesafariMatch1.3.1

applesafariMatch1.3.2

applesafariMatch2

applesafariMatch2.0

applesafariMatch2.0.0

applesafariMatch2.0.1

applesafariMatch2.0.2

applesafariMatch2.0.3

applesafariMatch2.0.3417.8

applesafariMatch2.0.3417.9

applesafariMatch2.0.3417.9.2

applesafariMatch2.0.3417.9.3

applesafariMatch2.0.3_417.9.3

applesafariMatch2.0.4

applesafariMatch2.0.4_419.3

applesafariMatch2.0_pre

applesafariMatch3

applesafariMatch3.0

applesafariMatch3.0.0

applesafariMatch3.0.0b

applesafariMatch3.0.1

applesafariMatch3.0.1beta

applesafariMatch3.0.1b

applesafariMatch3.0.2

applesafariMatch3.0.2b

applesafariMatch3.0.3

applesafariMatch3.0.3b

applesafariMatch3.0.4

applesafariMatch3.0.4_beta

applesafariMatch3.0.4b

applesafariMatch3.1

applesafariMatch3.1.0

applesafariMatch3.1.0b

applesafariMatch3.1.1

applesafariMatch3.1.2

applesafariMatch3.2

applesafariMatch3.2.0

applesafariMatch3.2.1

applesafariMatch3.2.2

applesafariMatch3.2.3

applesafariMatch4.0

applesafariMatch4.0beta

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

AND

microsoftwindows

References

lists.apple.com/archives/security-announce/2009/Nov/msg00001.html

lists.apple.com/archives/security-announce/2009/Sep/msg00004.html

osvdb.org/57949

secunia.com/advisories/36701

secunia.com/advisories/37346

support.apple.com/kb/HT3865

support.apple.com/kb/HT3949

www.securityfocus.com/bid/36357

www.vupen.com/english/advisories/2009/3217

exchange.xforce.ibmcloud.com/vulnerabilities/53166

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

Related for NVD:CVE-2009-2804

prion1 cvelist1 cve1 nessus4 seebug2 threatpost1 openvas2