CVE-2009-1725

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 09-07-2009 07:30

Last modified: - 02-09-2022 03:42

Total changes: - 3

Description

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

9.3

Base score

8.6

10.0

Exploitability score

Impact score

Verification logic

Reference

http://support.apple.com/kb/HT3666
APPLE-SA-2009-07-08-1-Patch, Vendor Advisory
35607-Patch
35758-
1022526-
55739-
ADV-2009-1827-
36062-
FEDORA-2009-8046-
FEDORA-2009-8020-
FEDORA-2009-8049-
FEDORA-2009-8039-
36057-
http://websvn.kde.org/?view=rev&revision=1002164
https://bugzilla.redhat.com/show_bug.cgi?id=513813
http://websvn.kde.org/?view=rev&revision=1002162
FEDORA-2009-8800-
http://websvn.kde.org/?view=rev&revision=1002163
FEDORA-2009-8802-
36347-
http://support.apple.com/kb/HT3860
36677-
APPLE-SA-2009-09-09-1-
DSA-1950-
37746-
MDVSA-2009:330-
USN-857-1-
36790-
USN-836-1-
SUSE-SR:2011:002-
43068-
ADV-2011-0212-
oval:org.mitre.oval:def:5777-

Keywords

CVE-2009-1725

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2009-1725

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures