Metric | Value |
---|---|
CVSS2 | 9.3 High |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
EPSS | 0.053 Low |
EPSS Percentile | 93.1% |

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0,
iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1,
Google Chrome 1.0.154.53, and possibly other products, allows remote
attackers to execute arbitrary code or cause a denial of service (memory
corruption and application crash) by setting an unspecified property of an
HTML tag that causes child elements to be freed and later accessed when an
HTML error occurs, related to “recursion in certain DOM event handlers.”

Author | Note |
---|---|
jdstrand | webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit |
mdeslaur | PoC: http://trac.webkit.org/browser/trunk/LayoutTests/fast/parser/head-content-after-head-removal.html?format=txt (need to add the <html> tags) |

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.10 | noarch | kde4libs | < 4:4.1.4-0ubuntu1~intrepid1.2 | UNKNOWN |
ubuntu | 9.04 | noarch | kde4libs | < 4:4.2.2-0ubuntu5.1 | UNKNOWN |
ubuntu | 8.04 | noarch | kdelibs | < 4:3.5.10-0ubuntu1~hardy1.2 | UNKNOWN |
ubuntu | 8.10 | noarch | kdelibs | < 4:3.5.10-0ubuntu6.1 | UNKNOWN |
ubuntu | 9.04 | noarch | kdelibs | < 4:3.5.10.dfsg.1-1ubuntu8.1 | UNKNOWN |
ubuntu | 9.10 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
ubuntu | 10.04 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
ubuntu | 10.10 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
ubuntu | 11.04 | noarch | kdelibs | < 4:3.5.10.dfsg.1-2ubuntu5 | UNKNOWN |
ubuntu | 8.10 | noarch | qt4-x11 | < 4.4.3-0ubuntu1.4 | UNKNOWN |

labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
launchpad.net/bugs/cve/CVE-2009-1690
nvd.nist.gov/vuln/detail/CVE-2009-1690
security-tracker.debian.org/tracker/CVE-2009-1690
ubuntu.com/security/notices/USN-822-1
ubuntu.com/security/notices/USN-836-1
ubuntu.com/security/notices/USN-857-1
www.cve.org/CVERecord?id=CVE-2009-1690