ID CVE-2009-1725
Summary WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Vulnerable Configurations
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 3.2.2
    cpe:2.3:a:apple:safari:3.2.2
  • Apple Safari 3.2.1
    cpe:2.3:a:apple:safari:3.2.1
  • Apple Safari 3.2.0
    cpe:2.3:a:apple:safari:3.2.0
  • Apple Safari 3.1.2
    cpe:2.3:a:apple:safari:3.1.2
  • Apple Safari 3.1.1
    cpe:2.3:a:apple:safari:3.1.1
  • Apple Safari 3.1.0b
    cpe:2.3:a:apple:safari:3.1.0b
  • Apple Safari 3.1.0
    cpe:2.3:a:apple:safari:3.1.0
  • Apple Safari 3.0.4b
    cpe:2.3:a:apple:safari:3.0.4b
  • Apple Safari 3.0.4
    cpe:2.3:a:apple:safari:3.0.4
  • Apple Safari 3.0.3b
    cpe:2.3:a:apple:safari:3.0.3b
  • Apple Safari 3.0.3
    cpe:2.3:a:apple:safari:3.0.3
  • Apple Safari 3.0.2b
    cpe:2.3:a:apple:safari:3.0.2b
  • Apple Safari 3.0.2
    cpe:2.3:a:apple:safari:3.0.2
  • Apple Safari 3.0.1b
    cpe:2.3:a:apple:safari:3.0.1b
  • Apple Safari 3.0.1 Beta
    cpe:2.3:a:apple:safari:3.0.1:beta
  • Apple Safari 3.0.1
    cpe:2.3:a:apple:safari:3.0.1
  • Apple Safari 3.0.0b
    cpe:2.3:a:apple:safari:3.0.0b
  • Apple Safari 3.0.0
    cpe:2.3:a:apple:safari:3.0.0
  • Apple Safari 3.0
    cpe:2.3:a:apple:safari:3.0
  • Apple Safari 2.0.4
    cpe:2.3:a:apple:safari:2.0.4
  • Apple Safari 2.0.3 417.9.3
    cpe:2.3:a:apple:safari:2.0.3:417.9.3
  • Apple Safari 2.0.3 417.9.2
    cpe:2.3:a:apple:safari:2.0.3:417.9.2
  • Apple Safari 2.0.3 417.9
    cpe:2.3:a:apple:safari:2.0.3:417.9
  • Apple Safari 2.0.3 417.8
    cpe:2.3:a:apple:safari:2.0.3:417.8
  • Apple Safari 2.0.3
    cpe:2.3:a:apple:safari:2.0.3
  • Apple Safari 2.0.2
    cpe:2.3:a:apple:safari:2.0.2
  • Apple Safari 2.0.1
    cpe:2.3:a:apple:safari:2.0.1
  • Apple Safari 2.0.0
    cpe:2.3:a:apple:safari:2.0.0
  • Apple Safari 2.0
    cpe:2.3:a:apple:safari:2.0
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple iPhone OS 3.0.1
    cpe:2.3:o:apple:iphone_os:3.0.1
  • Apple iPhone OS 3.0
    cpe:2.3:o:apple:iphone_os:3.0
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • Apple iPhone OS 1.0.0
    cpe:2.3:o:apple:iphone_os:1.0.0
  • Apple iPhone
    cpe:2.3:h:apple:iphone
  • Apple iPhone OS 3.1
    cpe:2.3:o:apple:iphone_os:3.1
  • Apple iPhone OS 3.0.1
    cpe:2.3:o:apple:iphone_os:3.0.1
  • Apple iPhone OS 3.0
    cpe:2.3:o:apple:iphone_os:3.0
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • Apple iPhone OS 1.0.0
    cpe:2.3:o:apple:iphone_os:1.0.0
  • Apple iPod Touch
    cpe:2.3:h:apple:ipod_touch
CVSS
Base: 9.3 (as of 09-07-2009 - 15:41)
CWE CWE-189
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8049.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40414
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40414
    title Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-836-1.NASL
    description It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 41606
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41606
    title Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI4_0_2.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.2. As such, it is potentially affected by two issues : - A vulnerability in WebKit's handling of parent and top objects may allow for cross-site scripting attacks. (CVE-2009-1724) - A memory corruption issue in WebKit's handling of numeric character references could lead to a crash or arbitrary code execution. (CVE-2009-1725)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 39768
    published 2009-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39768
    title Mac OS X : Apple Safari < 4.0.2
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KDELIBS3-101103.NASL
    description An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 51088
    published 2010-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51088
    title SuSE 11 Security Update : kdelibs (SAT Patch Number 3450)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1988.NASL
    description Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer.' - CVE-2009-1690 Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. - CVE-2009-1698 WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1699 The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. - CVE-2009-1711 WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. - CVE-2009-1712 WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. 
- CVE-2009-1713 The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. - CVE-2009-1725 WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-2700 qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution (etch) is not affected by these problems.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44852
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44852
    title Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_KDELIBS3-7217.NASL
    description An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 51089
    published 2010-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51089
    title SuSE 10 Security Update : kdelibs (ZYPP Patch Number 7217)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1950.NASL
    description Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer.' - CVE-2009-1690 Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to 'recursion in certain DOM event handlers.' - CVE-2009-1698 WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1711 WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. - CVE-2009-1712 WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. 
- CVE-2009-1725 WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1714 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. - CVE-2009-1710 WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. - CVE-2009-1697 CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary websites on the same server through use of XMLHttpRequest without a Host header. - CVE-2009-1695 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. - CVE-2009-1693 WebKit allows remote attackers to read images from arbitrary websites via a CANVAS element with an SVG image, related to a 'cross-site image capture issue.' - CVE-2009-1694 WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary websites via vectors involving a CANVAS element and redirection, related to a 'cross-site image capture issue.' - CVE-2009-1681 WebKit does not prevent websites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct 'clickjacking' attacks via a crafted HTML document. 
- CVE-2009-1684 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. - CVE-2009-1692 WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44815
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44815
    title Debian DSA-1950-1 : webkit - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KDELIBS4-101103.NASL
    description An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53667
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53667
    title openSUSE Security Update : kdelibs4 (openSUSE-SU-2010:1036-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-346.NASL
    description Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 43613
    published 2009-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43613
    title Mandriva Linux Security Advisory : kde (MDVSA-2009:346)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8046.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40413
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40413
    title Fedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)
  • NASL family Windows
    NASL id SAFARI_4_0_2.NASL
    description The version of Safari installed on the remote Windows host is earlier than 4.0.2. Such versions are potentially affected by two issues : - A vulnerability in WebKit's handling of parent and top objects may allow for cross-site scripting attacks. (CVE-2009-1724) - A memory corruption issue in WebKit's handling of numeric character references could lead to a crash or arbitrary code execution. (CVE-2009-1725)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 39767
    published 2009-07-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39767
    title Safari < 4.0.2 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBWEBKIT-110111.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, 
CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53764
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53764
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBWEBKIT-110104.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, 
CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75629
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75629
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8039.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40412
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40412
    title Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-857-1.NASL
    description It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42467
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42467
    title Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8802.NASL
    description Qt's WebKit code did not properly handle numeric character references, which could allow remote attackers to cause a denial of service (memory corruption and application crash) via a crafted HTML document. Also included is: * a fix for lib symlinks changing erroneously on upgrades * a fix for Copy and paste issues * added support for more x keycodes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 40681
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40681
    title Fedora 10 : qt-4.5.2-2.fc10 (2009-8802)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-027.NASL
    description Multiple vulnerabilities were discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. (CVE-2009-1687). WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1725). Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. (CVE-2009-1690). 
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1698). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48170
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48170
    title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8020.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10's GCC 4.3.2), * moved Qt Designer plugins to the runtime package as they can be needed at runtime (e.g. by PyKDE programs), * kdelibs3-apidocs is now a noarch subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40411
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40411
    title Fedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8800.NASL
    description Qt's WebKit code did not properly handle numeric character references, which could allow remote attackers to cause a denial of service (memory corruption and application crash) via a crafted HTML document. Also included is: * a fix for lib symlinks changing erroneously on upgrades * a fix for Copy and paste issues * added support for more x keycodes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 40680
    published 2009-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40680
    title Fedora 11 : qt-4.5.2-2.fc11 (2009-8800)
oval via4
accepted 2014-02-03T04:04:45.713-05:00
class vulnerability
contributors
  • name Prabhu.S.A
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
family windows
id oval:org.mitre.oval:def:5777
status accepted
submitted 2009-09-24T09:00:11
title Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.
version 12
refmap via4
apple
  • APPLE-SA-2009-07-08-1
  • APPLE-SA-2009-09-09-1
bid 35607
confirm
debian DSA-1950
fedora
  • FEDORA-2009-8020
  • FEDORA-2009-8039
  • FEDORA-2009-8046
  • FEDORA-2009-8049
  • FEDORA-2009-8800
  • FEDORA-2009-8802
mandriva MDVSA-2009:330
osvdb 55739
sectrack 1022526
secunia
  • 35758
  • 36057
  • 36062
  • 36347
  • 36677
  • 36790
  • 37746
  • 43068
suse SUSE-SR:2011:002
ubuntu
  • USN-836-1
  • USN-857-1
vupen
  • ADV-2009-1827
  • ADV-2011-0212
statements via4
contributor Tomas Hoger
lastmodified 2009-08-07
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 30-03-2012 - 00:00
Published 09-07-2009 - 13:30
Last modified 28-09-2017 - 21:34