CVE-2009-1725

Severity

93%

Complexity

86%

Confidentiality

165%

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 15 years ago

2009-07-09 17:30:00

Last updated 7 years ago

2017-09-29 01:34:00

Affected Software

Apple Safari 2.0

2.0

Apple Safari 2.0.0

2.0.0

Apple Safari 2.0.1

2.0.1

Apple Safari 2.0.2

2.0.2

Apple Safari 2.0.3

2.0.3

Apple Safari 2.0.3 417.8

2.0.3

Apple Safari 2.0.3 417.9

2.0.3

Apple Safari 2.0.3 417.9.2

2.0.3

Apple Safari 2.0.3 417.9.3

2.0.3

Apple Safari 2.0.4

2.0.4

Apple Safari 3.0

3.0

Apple Safari 3.0.0

3.0.0

Apple Safari 3.0.0b

3.0.0b

Apple Safari 3.0.1

3.0.1

Apple Safari 3.0.1 Beta

3.0.1

Apple Safari 3.0.1b

3.0.1b

Apple Safari 3.0.2

3.0.2

Apple Safari 3.0.2b

3.0.2b

Apple Safari 3.0.3

3.0.3

Apple Safari 3.0.3b

3.0.3b

Apple Safari 3.0.4

3.0.4

Apple Safari 3.0.4b

3.0.4b

Apple Safari 3.1.0

3.1.0

Apple Safari 3.1.0b

3.1.0b

Apple Safari 3.1.1

3.1.1

Apple Safari 3.1.2

3.1.2

Apple Safari 3.2.0

3.2.0

Apple Safari 3.2.1

3.2.1

Apple Safari 3.2.2

3.2.2

Apple Safari 4.0

4.0

Apple Safari 4.0.0b

4.0.0b

Apple Safari

References

APPLE-SA-2009-07-08-1

Patch, Vendor Advisory

APPLE-SA-2009-09-09-1

SUSE-SR:2011:002

55739

35758

36057

36062

36347

36677

36790

37746

43068

http://support.apple.com/kb/HT3666

Patch, Vendor Advisory

http://support.apple.com/kb/HT3860

http://websvn.kde.org/?view=rev&revision=1002162

http://websvn.kde.org/?view=rev&revision=1002163

http://websvn.kde.org/?view=rev&revision=1002164

DSA-1950

MDVSA-2009:330

35607

Patch

1022526

USN-836-1

USN-857-1

ADV-2009-1827

ADV-2011-0212

https://bugzilla.redhat.com/show_bug.cgi?id=513813

oval:org.mitre.oval:def:5777

FEDORA-2009-8800

FEDORA-2009-8802

FEDORA-2009-8039

FEDORA-2009-8049

FEDORA-2009-8046

FEDORA-2009-8020

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.