CVE-2009-0945
Date: (C)2009-05-13   (M)2024-02-16


Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 9.3
Exploit Score: 8.6
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1022207
http://www.securityfocus.com/archive/1/503594/100/0/threaded
BID-34924
SECUNIA-35056
SECUNIA-35074
SECUNIA-35095
SECUNIA-35576
SECUNIA-35805
SECUNIA-36062
SECUNIA-36461
SECUNIA-36790
SECUNIA-37746
SECUNIA-43068
ADV-2009-1297
ADV-2009-1298
ADV-2009-1321
ADV-2009-1621
ADV-2011-0212
APPLE-SA-2009-05-12
APPLE-SA-2009-06-17-1
DSA-1950
FEDORA-2009-6166
FEDORA-2009-8039
FEDORA-2009-8049
RHSA-2009:1130
SUSE-SR:2011:002
TA09-133A
USN-822-1
USN-823-1
USN-836-1
USN-857-1
http://code.google.com/p/chromium/issues/detail?id=9019
http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html
http://support.apple.com/kb/HT3549
http://support.apple.com/kb/HT3550
http://support.apple.com/kb/HT3639
http://www.zerodayinitiative.com/advisories/ZDI-09-022
oval:org.mitre.oval:def:11584
safari-webkit-svglist-bo(50477)

CPE    68
cpe:/o:apple:mac_os_x_server:10.5.6
cpe:/o:apple:mac_os_x_server:10.5.4
cpe:/o:apple:mac_os_x_server:10.5.3
cpe:/o:microsoft:windows_xp
...
CWE    1
CWE-94
OVAL    22
oval:org.secpod.oval:def:700364
oval:org.secpod.oval:def:700474
oval:org.secpod.oval:def:17286
oval:org.secpod.oval:def:700377
...

© SecPod Technologies