NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-1709

Summary	Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
Publication Date	June 11, 2009, 3 a.m.
Registration Date	Jan. 29, 2021, 1:18 p.m.
Last Update	Oct. 4, 2018, 7 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apple:safari:0.8:-:mac:::::*
cpe:2.3:a:apple:safari:0.9:-:mac:::::*
cpe:2.3:a:apple:safari:1.0:-:mac:::::*
cpe:2.3:a:apple:safari:1.0.3:-:mac:::::*
cpe:2.3:a:apple:safari:1.1:-:mac:::::*
cpe:2.3:a:apple:safari:1.2:-:mac:::::*
cpe:2.3:a:apple:safari:1.3:-:mac:::::*
cpe:2.3:a:apple:safari:1.3.1:-:mac:::::*
cpe:2.3:a:apple:safari:1.3.2:-:mac:::::*
cpe:2.3:a:apple:safari:2.0:-:mac:::::*
cpe:2.3:a:apple:safari:2.0.2:-:mac:::::*
cpe:2.3:a:apple:safari:2.0.4:-:mac:::::*
cpe:2.3:a:apple:safari:3.0:-:mac:::::*
cpe:2.3:a:apple:safari:3.0.2:-:mac:::::*
cpe:2.3:a:apple:safari:3.0.3:-:mac:::::*
cpe:2.3:a:apple:safari:3.0.4:-:mac:::::*
cpe:2.3:a:apple:safari:3.1:-:mac:::::*
cpe:2.3:a:apple:safari:3.1.1:-:mac:::::*
cpe:2.3:a:apple:safari:3.1.2:-:mac:::::*
cpe:2.3:a:apple:safari:3.2.1:-:mac:::::*
cpe:2.3:a:apple:safari:3.2.3:-:mac:::::*
cpe:2.3:a:apple:safari::-:mac:::::			4.0_beta

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:apple:safari:3.0:-:windows:::::*
cpe:2.3:a:apple:safari:3.0.1:-:windows:::::*
cpe:2.3:a:apple:safari:3.0.2:-:windows:::::*
cpe:2.3:a:apple:safari:3.0.3:-:windows:::::*
cpe:2.3:a:apple:safari:3.0.4:-:windows:::::*
cpe:2.3:a:apple:safari:3.1:-:windows:::::*
cpe:2.3:a:apple:safari:3.1.1:-:windows:::::*
cpe:2.3:a:apple:safari:3.1.2:-:windows:::::*
cpe:2.3:a:apple:safari:3.2:-:windows:::::*
cpe:2.3:a:apple:safari:3.2.1:-:windows:::::*
cpe:2.3:a:apple:safari:3.2.2:-:windows:::::*
cpe:2.3:a:apple:safari::-:windows:::::			3.2.3

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	APPLE	Patch Vendor Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	SUSE
3	http://osvdb.org/55013	OSVDB
4	http://secunia.com/advisories/35379	SECUNIA	Vendor Advisory
5	http://secunia.com/advisories/35576	SECUNIA
6	http://secunia.com/advisories/36461	SECUNIA
7	http://secunia.com/advisories/43068	SECUNIA
8	http://securitytracker.com/id?1022345	SECTRACK
9	http://support.apple.com/kb/HT3613	CONFIRM	Patch Vendor Advisory
10	http://www.mandriva.com/security/advisories?name=MDVSA-2010:182	MANDRIVA
11	http://www.redhat.com/support/errata/RHSA-2009-1130.html	REDHAT
12	http://www.securityfocus.com/bid/35260	BID
13	http://www.securityfocus.com/bid/35334	BID
14	http://www.vupen.com/english/advisories/2009/1522	VUPEN	Vendor Advisory
15	http://www.vupen.com/english/advisories/2011/0212	VUPEN
16	http://www.zerodayinitiative.com/advisories/ZDI-09-034/	MISC
17	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162	OVAL
18	https://usn.ubuntu.com/823-1/	UBUNTU

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-399	リソース管理の問題	https://cwe.mitre.org/data/definitions/399.html