CVE-2009-1687

Severity

93%

Complexity

86%

Confidentiality

165%

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-06-10 14:30:00

Last updated 7 years ago

2017-09-29 01:34:00

Affected Software

Apple Safari 3.0.2 for Mac OS X

3.0.2

References

APPLE-SA-2009-06-08-1

Vendor Advisory

APPLE-SA-2009-06-17-1

SUSE-SR:2011:002

54985

35379

Vendor Advisory

36057

36062

36790

37746

43068

1022345

Patch

http://support.apple.com/kb/HT3613

Vendor Advisory

http://support.apple.com/kb/HT3639

DSA-1950

MDVSA-2009:330

35260

Exploit

35309

USN-822-1

USN-836-1

USN-857-1

ADV-2009-1522

Patch, Vendor Advisory

ADV-2009-1621

ADV-2011-0212

oval:org.mitre.oval:def:10260

FEDORA-2009-8039

FEDORA-2009-8049

FEDORA-2009-8046

FEDORA-2009-8020

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.