CVE-2009-1704

Опубликовано: 10 июн. 2009

Источник: nvd

CVSS2: 9.3

EPSS Низкий

Описание

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

Ссылки

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Patch
Vendor Advisory
http://osvdb.org/55010
http://secunia.com/advisories/35379
Vendor Advisory
http://securitytracker.com/id?1022343
Patch
http://support.apple.com/kb/HT3613
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35260
Exploit
http://www.securityfocus.com/bid/35344
http://www.vupen.com/english/advisories/2009/1522
Patch
Vendor Advisory
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Patch
Vendor Advisory
http://osvdb.org/55010
http://secunia.com/advisories/35379
Vendor Advisory
http://securitytracker.com/id?1022343
Patch
http://support.apple.com/kb/HT3613
Patch
Vendor Advisory
http://www.securityfocus.com/bid/35260
Exploit
http://www.securityfocus.com/bid/35344
http://www.vupen.com/english/advisories/2009/1522
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apple:safari:*:*:mac:*:*:*:*:*

Версия до 4.0_beta (включая)

cpe:2.3:a:apple:safari:0.8:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:0.9:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.0.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:1.3.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:2.0.4:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:*:mac:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.3:*:mac:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:apple:safari:*:*:windows:*:*:*:*:*

Версия до 3.2.3 (включая)

cpe:2.3:a:apple:safari:3.0:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.2:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.3:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.0.4:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.1.2:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.1:*:windows:*:*:*:*:*

cpe:2.3:a:apple:safari:3.2.2:*:windows:*:*:*:*:*

EPSS

Процентиль: 85%

0.02364

Низкий

9.3 Critical

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-v4mv-7crp-f7p6

github

почти 4 года назад