ID CVE-2009-1709
Summary Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
References
Vulnerable Configurations
  • cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:0.8:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:0.9:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.0.3:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.3:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.3.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.3.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:2.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:2.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:2.0.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:2.0.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:2.0.4:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.3:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.4:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.2:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.2:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.3:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.3:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:1.0b1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:1.0b1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.1:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.1:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.0:-:mac:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.0:-:mac:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.3:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.4:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.1:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.2:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.2b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.2b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.3b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.3b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.0.4b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.0.4b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.0b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.0b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.1b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.1b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.1.2b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.1.2b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.0b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.0b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.1b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.1b:-:windows:*:*:*:*:*
  • cpe:2.3:a:apple:safari:3.2.2b:-:windows:*:*:*:*:*
    cpe:2.3:a:apple:safari:3.2.2b:-:windows:*:*:*:*:*
CVSS
Base: 9.3 (as of 03-10-2018 - 22:00)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-04-29T04:02:28.569-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
family unix
id oval:org.mitre.oval:def:10162
status accepted
submitted 2010-07-09T03:56:16-04:00
title Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
version 18
redhat via4
advisories
bugzilla
id 506703
title CVE-2009-0945 kdegraphics: KSVG NULL-pointer dereference in the SVGList interface implementation (ACE)
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment kdegraphics is earlier than 7:3.5.4-13.el5_3
        oval oval:com.redhat.rhsa:tst:20091130002
      • comment kdegraphics is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070729008
    • AND
      • comment kdegraphics-devel is earlier than 7:3.5.4-13.el5_3
        oval oval:com.redhat.rhsa:tst:20091130004
      • comment kdegraphics-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070729010
rhsa
id RHSA-2009:1130
released 2009-06-25
severity Critical
title RHSA-2009:1130: kdegraphics security update (Critical)
rpms
  • kdegraphics-7:3.5.4-13.el5_3
  • kdegraphics-devel-7:3.5.4-13.el5_3
refmap via4
apple APPLE-SA-2009-06-08-1
bid
  • 35260
  • 35334
confirm http://support.apple.com/kb/HT3613
mandriva MDVSA-2010:182
misc http://www.zerodayinitiative.com/advisories/ZDI-09-034/
osvdb 55013
sectrack 1022345
secunia
  • 35379
  • 35576
  • 36461
  • 43068
suse SUSE-SR:2011:002
ubuntu USN-823-1
vupen
  • ADV-2009-1522
  • ADV-2011-0212
Last major update 03-10-2018 - 22:00
Published 10-06-2009 - 18:00
Back to Top