CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
References
Link | Resource |
---|---|
http://www.vupen.com/english/advisories/2009/1522 | Patch, Vendor Advisory |
http://www.securityfocus.com/bid/35260 | Exploit |
http://secunia.com/advisories/35379 | Vendor Advisory |
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | Patch, Vendor Advisory |
http://support.apple.com/kb/HT3613 | Patch, Vendor Advisory |
http://securitytracker.com/id?1022343 | Patch |
http://osvdb.org/55010 | |
http://www.securityfocus.com/bid/35344 | |
Information
Published : 2009-06-10 11:00
Updated : 2009-06-18 22:32
NVD link : CVE-2009-1704
Mitre link : CVE-2009-1704
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
apple
- safari