Vulnerability details: VCID-w8t8-yukd-aaap
Vulnerability ID VCID-w8t8-yukd-aaap
Aliases CVE-2009-1698
Summary WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
System Score Found at
rhas Critical https://access.redhat.com/errata/RHSA-2009:1127
rhas Important https://access.redhat.com/errata/RHSA-2009:1128
epss 0.03099 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
epss 0.04484 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
epss 0.06230 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
epss 0.06245 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
epss 0.0736 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
epss 0.07755 https://api.first.org/data/v1/epss?cve=CVE-2009-1698
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=506469
cvssv2 9.3 https://nvd.nist.gov/vuln/detail/CVE-2009-1698
Reference id Reference type URL
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://osvdb.org/55006
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1698.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
http://secunia.com/advisories/35379
http://secunia.com/advisories/35588
http://secunia.com/advisories/36057
http://secunia.com/advisories/36062
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
http://securitytracker.com/id?1022345
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
http://support.apple.com/kb/HT3613
http://support.apple.com/kb/HT3639
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
http://www.debian.org/security/2009/dsa-1950
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://www.redhat.com/support/errata/RHSA-2009-1128.html
http://www.securityfocus.com/archive/1/504173/100/0/threaded
http://www.securityfocus.com/archive/1/504295/100/0/threaded
http://www.securityfocus.com/bid/35260
http://www.securityfocus.com/bid/35318
http://www.ubuntu.com/usn/USN-822-1
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
http://www.zerodayinitiative.com/advisories/ZDI-09-032/
506469 https://bugzilla.redhat.com/show_bug.cgi?id=506469
534946 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.3:417.8:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.3:417.9:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.3:417.9.2:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.3:417.9.3:*:*:*:*:*:*
cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.1b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.1:beta:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.2b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.3b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.0.4b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.1.0b:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:safari:3.2.1:*:*:*:*:*:*:*
CVE-2009-1698 https://nvd.nist.gov/vuln/detail/CVE-2009-1698
RHSA-2009:1127 https://access.redhat.com/errata/RHSA-2009:1127
RHSA-2009:1128 https://access.redhat.com/errata/RHSA-2009:1128
USN-822-1 https://usn.ubuntu.com/822-1/
USN-836-1 https://usn.ubuntu.com/836-1/
USN-857-1 https://usn.ubuntu.com/857-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1698
Access Vector (AV): network; Access Complexity (AC): medium; Authentication (Au): none; Confidentiality Impact (C): complete; Integrity Impact (I): complete; Availability Impact (A): complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.91304
EPSS Score 0.03099
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.