NVD脆弱性詳細

CVE-2009-0945

概要	Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
公表日	2009年5月14日2:30
登録日	2021年1月29日13:16
最終更新日	2018年10月11日4:32

CVSS2.0 : HIGH
スコア	9.3
ベクター	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	はい

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:safari:0.8:::::::*
cpe:2.3:a:apple:safari:0.9:::::::*
cpe:2.3:a:apple:safari:1.0:::::::*
cpe:2.3:a:apple:safari:1.0:beta::::::
cpe:2.3:a:apple:safari:1.0:beta2::::::
cpe:2.3:a:apple:safari:1.0.0:::::::*
cpe:2.3:a:apple:safari:1.0.0b1:::::::*
cpe:2.3:a:apple:safari:1.0.0b2:::::::*
cpe:2.3:a:apple:safari:1.0.1:::::::*
cpe:2.3:a:apple:safari:1.0.2:::::::*
cpe:2.3:a:apple:safari:1.0.3:::::::*
cpe:2.3:a:apple:safari:1.0.3:85.8::::::
cpe:2.3:a:apple:safari:1.0.3:85.8.1::::::
cpe:2.3:a:apple:safari:1.1:::::::*
cpe:2.3:a:apple:safari:1.1.0:::::::*
cpe:2.3:a:apple:safari:1.1.1:::::::*
cpe:2.3:a:apple:safari:1.2:::::::*
cpe:2.3:a:apple:safari:1.2.0:::::::*
cpe:2.3:a:apple:safari:1.2.1:::::::*
cpe:2.3:a:apple:safari:1.2.2:::::::*
cpe:2.3:a:apple:safari:1.2.3:::::::*
cpe:2.3:a:apple:safari:1.2.4:::::::*
cpe:2.3:a:apple:safari:1.2.5:::::::*
cpe:2.3:a:apple:safari:1.3:::::::*
cpe:2.3:a:apple:safari:1.3.0:::::::*
cpe:2.3:a:apple:safari:1.3.1:::::::*
cpe:2.3:a:apple:safari:1.3.2:::::::*
cpe:2.3:a:apple:safari:1.3.2:312.5::::::
cpe:2.3:a:apple:safari:1.3.2:312.6::::::
cpe:2.3:a:apple:safari:2:::::::*
cpe:2.3:a:apple:safari:2.0:::::::*
cpe:2.3:a:apple:safari:2.0.0:::::::*
cpe:2.3:a:apple:safari:2.0.1:::::::*
cpe:2.3:a:apple:safari:2.0.2:::::::*
cpe:2.3:a:apple:safari:2.0.3:::::::*
cpe:2.3:a:apple:safari:2.0.3:417.8::::::
cpe:2.3:a:apple:safari:2.0.3:417.9::::::
cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
cpe:2.3:a:apple:safari:2.0.4:::::::*
cpe:2.3:a:apple:safari:3:::::::*
cpe:2.3:a:apple:safari:3.0:::::::*
cpe:2.3:a:apple:safari:3.0.0:::::::*
cpe:2.3:a:apple:safari:3.0.1:::::::*
cpe:2.3:a:apple:safari:3.0.2:::::::*
cpe:2.3:a:apple:safari:3.0.3:::::::*
cpe:2.3:a:apple:safari:3.0.4:::::::*
cpe:2.3:a:apple:safari:3.1:::::::*
cpe:2.3:a:apple:safari:3.1.0:::::::*
cpe:2.3:a:apple:safari:3.1.1:::::::*
cpe:2.3:a:apple:safari:3.1.2:::::::*
cpe:2.3:a:apple:safari:3.2:::::::*
cpe:2.3:a:apple:safari:3.2.0:::::::*
cpe:2.3:a:apple:safari:3.2.1:::::::*
cpe:2.3:a:apple:safari::::::::		3.2.2
cpe:2.3:a:apple:safari:4.0:beta::::::

関連情報、対策とツール

No	URL	refsource	タグ
1	http://code.google.com/p/chromium/issues/detail?id=9019	CONFIRM
2	http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html	CONFIRM
3	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	APPLE
4	http://lists.apple.com/archives/security-announce/2009/May/msg00000.html	APPLE	Patch Vendor Advisory
5	http://lists.apple.com/archives/security-announce/2009/May/msg00001.html	APPLE	Patch Vendor Advisory
6	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	APPLE	Patch Vendor Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	SUSE
8	http://secunia.com/advisories/35056	SECUNIA
9	http://secunia.com/advisories/35074	SECUNIA
10	http://secunia.com/advisories/35095	SECUNIA
11	http://secunia.com/advisories/35576	SECUNIA
12	http://secunia.com/advisories/35805	SECUNIA
13	http://secunia.com/advisories/36062	SECUNIA
14	http://secunia.com/advisories/36461	SECUNIA
15	http://secunia.com/advisories/36790	SECUNIA
16	http://secunia.com/advisories/37746	SECUNIA
17	http://secunia.com/advisories/43068	SECUNIA
18	http://support.apple.com/kb/HT3549	CONFIRM	Patch Vendor Advisory
19	http://support.apple.com/kb/HT3550	CONFIRM
20	http://support.apple.com/kb/HT3639	CONFIRM
21	http://www.debian.org/security/2009/dsa-1950	DEBIAN
22	http://www.redhat.com/support/errata/RHSA-2009-1130.html	REDHAT
23	http://www.securityfocus.com/archive/1/503594/100/0/threaded	BUGTRAQ
24	http://www.securityfocus.com/bid/34924	BID
25	http://www.securitytracker.com/id?1022207	SECTRACK
26	http://www.ubuntu.com/usn/USN-822-1	UBUNTU
27	http://www.ubuntu.com/usn/USN-836-1	UBUNTU
28	http://www.ubuntu.com/usn/USN-857-1	UBUNTU
29	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	CERT	US Government Resource
30	http://www.vupen.com/english/advisories/2009/1297	VUPEN
31	http://www.vupen.com/english/advisories/2009/1298	VUPEN
32	http://www.vupen.com/english/advisories/2009/1321	VUPEN
33	http://www.vupen.com/english/advisories/2009/1621	VUPEN
34	http://www.vupen.com/english/advisories/2011/0212	VUPEN
35	http://www.zerodayinitiative.com/advisories/ZDI-09-022	MISC
36	https://exchange.xforce.ibmcloud.com/vulnerabilities/50477	XF
37	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584	OVAL
38	https://usn.ubuntu.com/823-1/	UBUNTU
39	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html	FEDORA
40	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html	FEDORA
41	https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html	FEDORA

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

構成1	以上	以下	より上	未満
cpe:2.3:a:apple:safari:0.8:::::::*
cpe:2.3:a:apple:safari:0.9:::::::*
cpe:2.3:a:apple:safari:1.0:::::::*
cpe:2.3:a:apple:safari:1.0:beta::::::
cpe:2.3:a:apple:safari:1.0:beta2::::::
cpe:2.3:a:apple:safari:1.0.0:::::::*
cpe:2.3:a:apple:safari:1.0.0b1:::::::*
cpe:2.3:a:apple:safari:1.0.0b2:::::::*
cpe:2.3:a:apple:safari:1.0.1:::::::*
cpe:2.3:a:apple:safari:1.0.2:::::::*
cpe:2.3:a:apple:safari:1.0.3:::::::*
cpe:2.3:a:apple:safari:1.0.3:85.8::::::
cpe:2.3:a:apple:safari:1.0.3:85.8.1::::::
cpe:2.3:a:apple:safari:1.1:::::::*
cpe:2.3:a:apple:safari:1.1.0:::::::*
cpe:2.3:a:apple:safari:1.1.1:::::::*
cpe:2.3:a:apple:safari:1.2:::::::*
cpe:2.3:a:apple:safari:1.2.0:::::::*
cpe:2.3:a:apple:safari:1.2.1:::::::*
cpe:2.3:a:apple:safari:1.2.2:::::::*
cpe:2.3:a:apple:safari:1.2.3:::::::*
cpe:2.3:a:apple:safari:1.2.4:::::::*
cpe:2.3:a:apple:safari:1.2.5:::::::*
cpe:2.3:a:apple:safari:1.3:::::::*
cpe:2.3:a:apple:safari:1.3.0:::::::*
cpe:2.3:a:apple:safari:1.3.1:::::::*
cpe:2.3:a:apple:safari:1.3.2:::::::*
cpe:2.3:a:apple:safari:1.3.2:312.5::::::
cpe:2.3:a:apple:safari:1.3.2:312.6::::::
cpe:2.3:a:apple:safari:2:::::::*
cpe:2.3:a:apple:safari:2.0:::::::*
cpe:2.3:a:apple:safari:2.0.0:::::::*
cpe:2.3:a:apple:safari:2.0.1:::::::*
cpe:2.3:a:apple:safari:2.0.2:::::::*
cpe:2.3:a:apple:safari:2.0.3:::::::*
cpe:2.3:a:apple:safari:2.0.3:417.8::::::
cpe:2.3:a:apple:safari:2.0.3:417.9::::::
cpe:2.3:a:apple:safari:2.0.3:417.9.2::::::
cpe:2.3:a:apple:safari:2.0.4:::::::*
cpe:2.3:a:apple:safari:3:::::::*
cpe:2.3:a:apple:safari:3.0:::::::*
cpe:2.3:a:apple:safari:3.0.0:::::::*
cpe:2.3:a:apple:safari:3.0.1:::::::*
cpe:2.3:a:apple:safari:3.0.2:::::::*
cpe:2.3:a:apple:safari:3.0.3:::::::*
cpe:2.3:a:apple:safari:3.0.4:::::::*
cpe:2.3:a:apple:safari:3.1:::::::*
cpe:2.3:a:apple:safari:3.1.0:::::::*
cpe:2.3:a:apple:safari:3.1.1:::::::*
cpe:2.3:a:apple:safari:3.1.2:::::::*
cpe:2.3:a:apple:safari:3.2:::::::*
cpe:2.3:a:apple:safari:3.2.0:::::::*
cpe:2.3:a:apple:safari:3.2.1:::::::*
cpe:2.3:a:apple:safari::::::::		3.2.2
cpe:2.3:a:apple:safari:4.0:beta::::::