CVE-2009-1698

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Affected products

• Apple / iphone_os1.0.0 – 1.0.0
• Apple / iphone_os1.0.1 – 1.0.1
• Apple / iphone_os1.0.2 – 1.0.2
• Apple / iphone_os1.1.0 – 1.1.0
• Apple / iphone_os1.1.1 – 1.1.1
• Apple / iphone_os1.1.2 – 1.1.2
• Apple / iphone_os1.1.3 – 1.1.3
• Apple / iphone_os1.1.4 – 1.1.4
• Apple / iphone_os1.1.5 – 1.1.5
• Apple / iphone_os2.0 – 2.0
• Apple / iphone_os2.0.0 – 2.0.0
• Apple / iphone_os2.0.1 – 2.0.1
• Apple / iphone_os2.0.2 – 2.0.2
• Apple / iphone_os2.1 – 2.1
• Apple / iphone_os2.1.1 – 2.1.1
• Apple / iphone_os2.2 – 2.2
• Apple / iphone_os2.2.1 – 2.2.1
• Apple / iphone_os
• Apple / ipod_touch
• Apple / Safari3.0.3 – 3.0.3
• Apple / Safari3.0.3b – 3.0.3b
• Apple / Safari3.0.4 – 3.0.4
• Apple / Safari3.0.4b – 3.0.4b
• Apple / Safari3.1.0 – 3.1.0
• Apple / Safari3.2.2
• Apple / Safari3.1.1 – 3.1.1
• Apple / Safari3.1.2 – 3.1.2
• Apple / Safari3.2.0 – 3.2.0
• Apple / Safari3.2.1 – 3.2.1
• Apple / Safari3.1.0b – 3.1.0b
• Apple / Safari2.0 – 2.0
• Apple / Safari2.0.0 – 2.0.0
• Apple / Safari2.0.1 – 2.0.1
• Apple / Safari2.0.2 – 2.0.2
• Apple / Safari2.0.3 – 2.0.3
• Apple / Safari2.0.3 – 2.0.3
• Apple / Safari2.0.3 – 2.0.3
• Apple / Safari2.0.3 – 2.0.3
• Apple / Safari2.0.3 – 2.0.3
• Apple / Safari2.0.4 – 2.0.4
• Apple / Safari3.0 – 3.0
• Apple / Safari3.0.0 – 3.0.0
• Apple / Safari3.0.0b – 3.0.0b
• Apple / Safari3.0.1 – 3.0.1
• Apple / Safari3.0.1 – 3.0.1
• Apple / Safari3.0.1b – 3.0.1b
• Apple / Safari3.0.2 – 3.0.2
• Apple / Safari3.0.2b – 3.0.2b

References

• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-822-1
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT3639
• VENDOR_ADVISORYhttp://secunia.com/advisories/43068
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2009:330
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1621
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2011/0212
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/35588
• MISChttp://www.securityfocus.com/bid/35260
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/1522
• VENDOR_ADVISORYhttp://secunia.com/advisories/37746
• VENDOR_ADVISORYhttp://www.zerodayinitiative.com/advisories/ZDI-09-032/
• MISChttp://securitytracker.com/id?1022345
• VENDOR_ADVISORYhttp://secunia.com/advisories/36790
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
• MISChttp://www.securityfocus.com/archive/1/504173/100/0/threaded
• MISChttp://www.securityfocus.com/archive/1/504295/100/0/threaded
• VENDOR_ADVISORYhttp://www.debian.org/security/2009/dsa-1950
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• MISChttp://www.redhat.com/support/errata/RHSA-2009-1128.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/35379
• MISChttp://osvdb.org/55006
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
• VENDOR_ADVISORYhttp://secunia.com/advisories/36062
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-857-1
• VENDOR_ADVISORYhttp://secunia.com/advisories/36057
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
• VENDOR_ADVISORYhttp://support.apple.com/kb/HT3613
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-836-1
• MISChttp://www.securityfocus.com/bid/35318
• MISChttp://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html