ID

VAR-200904-0311


CVE

CVE-2009-1233


TITLE

Denial-of-service (DoS) vulnerability in Apple Safari running on Windows

Trust: 0.8

sources: JVNDB: JVNDB-2009-001529

DESCRIPTION

Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. Apple Safari is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Apple Safari 3.2.2 and 4 Beta are vulnerable; other versions may also be affected.

Trust: 1.98

sources: NVD: CVE-2009-1233 // JVNDB: JVNDB-2009-001529 // BID: 34318 // VULHUB: VHN-38679

AFFECTED PRODUCTS

vendor:apple, model:safari, scope:eq, version:3.2.2

Trust: 2.4

vendor:apple, model:safari, scope:eq, version:4

Trust: 2.4

vendor:apple, model:safari for windows, scope:eq, version:3.2.2

Trust: 0.3

vendor:apple, model:safari beta, scope:eq, version:4

Trust: 0.3

vendor:apple, model:safari, scope:eq, version:3.2

Trust: 0.3

sources: BID: 34318 // JVNDB: JVNDB-2009-001529 // CNNVD: CNNVD-200904-045 // NVD: CVE-2009-1233

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1233
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-1233
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200904-045
value: MEDIUM

Trust: 0.6

VULHUB: VHN-38679
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-1233
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-38679
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38679 // JVNDB: JVNDB-2009-001529 // CNNVD: CNNVD-200904-045 // NVD: CVE-2009-1233

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-38679 // JVNDB: JVNDB-2009-001529 // NVD: CVE-2009-1233

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-045

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200904-045

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001529

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-38679

PATCH

title:Top Page, url:http://www.apple.com/jp/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001529

EXTERNAL IDS

db:NVD, id:CVE-2009-1233

Trust: 2.8

db:BID, id:34318

Trust: 2.0

db:EXPLOIT-DB, id:8325

Trust: 1.7

db:JVNDB, id:JVNDB-2009-001529

Trust: 0.8

db:CNNVD, id:CNNVD-200904-045

Trust: 0.7

db:XF, id:49527

Trust: 0.6

db:MILW0RM, id:8325

Trust: 0.6

db:VULHUB, id:VHN-38679

Trust: 0.1

sources: VULHUB: VHN-38679 // BID: 34318 // JVNDB: JVNDB-2009-001529 // CNNVD: CNNVD-200904-045 // NVD: CVE-2009-1233

REFERENCES

url:http://www.securityfocus.com/bid/34318

Trust: 1.7

url:https://www.exploit-db.com/exploits/8325

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5559

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/49527

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1233

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1233

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/49527

Trust: 0.6

url:http://www.milw0rm.com/exploits/8325

Trust: 0.6

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

sources: VULHUB: VHN-38679 // BID: 34318 // JVNDB: JVNDB-2009-001529 // CNNVD: CNNVD-200904-045 // NVD: CVE-2009-1233

CREDITS

Ahmed Obied

Trust: 0.9

sources: BID: 34318 // CNNVD: CNNVD-200904-045

SOURCES

db:VULHUB, id:VHN-38679
db:BID, id:34318
db:JVNDB, id:JVNDB-2009-001529
db:CNNVD, id:CNNVD-200904-045
db:NVD, id:CVE-2009-1233

LAST UPDATE DATE

2024-11-23T22:39:32.880000+00:00


SOURCES UPDATE DATE

db:VULHUB, id:VHN-38679, date:2017-09-29T00:00:00
db:BID, id:34318, date:2015-04-13T21:11:00
db:JVNDB, id:JVNDB-2009-001529, date:2009-06-30T00:00:00
db:CNNVD, id:CNNVD-200904-045, date:2009-04-02T00:00:00
db:NVD, id:CVE-2009-1233, date:2024-11-21T01:01:58.223

SOURCES RELEASE DATE

db:VULHUB, id:VHN-38679, date:2009-04-02T00:00:00
db:BID, id:34318, date:2009-03-31T00:00:00
db:JVNDB, id:JVNDB-2009-001529, date:2009-06-30T00:00:00
db:CNNVD, id:CNNVD-200904-045, date:2009-04-02T00:00:00
db:NVD, id:CVE-2009-1233, date:2009-04-02T17:30:00.297