CVE-2009-1701

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://support.apple.com/kb/HT3613	Patch Vendor Advisory
http://securitytracker.com/id?1022345	Patch
http://www.vupen.com/english/advisories/2009/1522	Patch Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-09-033/	Patch
http://www.securityfocus.com/bid/35260	Exploit
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	Patch Vendor Advisory
http://secunia.com/advisories/35379	Vendor Advisory
http://www.securityfocus.com/bid/35325
http://osvdb.org/55008
http://support.apple.com/kb/HT3639
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://www.vupen.com/english/advisories/2009/1621
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
http://secunia.com/advisories/43068
http://www.securityfocus.com/archive/1/504172/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apple:safari:3.0.4b:::::::*
	cpe:2.3:a:apple:safari:2.0.3:417.9.3::::::
	cpe:2.3:a:apple:safari:3.0.4:::::::*
	cpe:2.3:a:apple:safari:3.0.1:beta::::::
	cpe:2.3:a:apple:safari:2.0.1:::::::*
	cpe:2.3:a:apple:safari:2.0.3:::::::*
	cpe:2.3:a:apple:safari:2.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.0:::::::*
	cpe:2.3:a:apple:safari:3.0.1:::::::*
	cpe:2.3:a:apple:safari:3.1.0:::::::*
	cpe:2.3:a:apple:safari:2.0.3:417.8::::::
	cpe:2.3:a:apple:safari:3.2.0:::::::*
	cpe:2.3:a:apple:safari:3.1.2:::::::*
	cpe:2.3:a:apple:safari:3.0.3:::::::*
	cpe:2.3:a:apple:safari:3.0.2b:::::::*
	cpe:2.3:a:apple:safari:2.0.4:::::::*
	cpe:2.3:a:apple:safari:2.0.0:::::::*
	cpe:2.3:a:apple:safari:2.0:::::::*
	cpe:2.3:a:apple:safari:3.0.3b:::::::*
	cpe:2.3:a:apple:safari:3.0.0b:::::::*
	cpe:2.3:a:apple:safari:3.1.1:::::::*
	cpe:2.3:a:apple:safari:3.1.0b:::::::*
	cpe:2.3:a:apple:safari:3.0.2:::::::*
	cpe:2.3:a:apple:safari:3.0.1b:::::::*
	cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
	cpe:2.3:a:apple:safari:2.0.3:417.9::::::
	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:3.0:::::::*
	cpe:2.3:a:apple:safari:3.2.1:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*

OR	cpe:2.3:h:apple:ipod_touch::::::::
	cpe:2.3:o:apple:iphone_os::::::::

Information

Published : 2009-06-10 11:00

Updated : 2022-08-09 06:48

NVD link : CVE-2009-1701

Mitre link : CVE-2009-1701

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

apple

safari
ipod_touch
iphone_os

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.apple.com/kb/HT3613", "name": "http://support.apple.com/kb/HT3613", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1022345", "name": "1022345", "tags": ["Patch"], "refsource": "SECTRACK"}, {"url": "http://www.vupen.com/english/advisories/2009/1522", "name": "ADV-2009-1522", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/", "name": "http://www.zerodayinitiative.com/advisories/ZDI-09-033/", "tags": ["Patch"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/35260", "name": "35260", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html", "name": "APPLE-SA-2009-06-08-1", "tags": ["Patch", "Vendor Advisory"], "refsource": "APPLE"}, {"url": "http://secunia.com/advisories/35379", "name": "35379", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/35325", "name": "35325", "tags": [], "refsource": "BID"}, {"url": "http://osvdb.org/55008", "name": "55008", "tags": [], "refsource": "OSVDB"}, {"url": "http://support.apple.com/kb/HT3639", "name": "http://support.apple.com/kb/HT3639", "tags": [], "refsource": "CONFIRM"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html", "name": "APPLE-SA-2009-06-17-1", "tags": [], "refsource": "APPLE"}, {"url": "http://www.vupen.com/english/advisories/2009/1621", "name": "ADV-2009-1621", "tags": [], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "name": "SUSE-SR:2011:002", "tags": [], "refsource": "SUSE"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "name": "ADV-2011-0212", "tags": [], "refsource": "VUPEN"}, {"url": "http://secunia.com/advisories/43068", "name": "43068", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/archive/1/504172/100/0/threaded", "name": "20090608 ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1701", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-06-10T18:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.2.2"}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:apple:ipod_touch:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-08-09T13:48Z"}

9.3 /10