Launchpad.net

CVE 2009-1698

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.zerodayinit...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-06-08-1
BID: 35260
SECTRACK: 1022345
SECUNIA: 35379
VUPEN: ADV-2009-1522
MISC: http://blog.zoller.lu/...
BID: 35318
OSVDB: 55006
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2009-06-17-1
VUPEN: ADV-2009-1621
REDHAT: RHSA-2009:1128
SECUNIA: 35588
FEDORA: FEDORA-2009-8020
FEDORA: FEDORA-2009-8039
FEDORA: FEDORA-2009-8046
FEDORA: FEDORA-2009-8049
SECUNIA: 36057
SECUNIA: 36062
UBUNTU: USN-822-1
DEBIAN: DSA-1950
MANDRIVA: MDVSA-2009:330
SECUNIA: 37746
UBUNTU: USN-857-1
UBUNTU: USN-836-1
SECUNIA: 36790
SUSE: SUSE-SR:2011:002
SECUNIA: 43068
VUPEN: ADV-2011-0212
OVAL: oval:org.mitre.oval:de...
BUGTRAQ: 20090608 ZDI-09-032: A...
BUGTRAQ: 20090614 [TZO-37-2009]...

Launchpad.net

CVE 2009-1698

Related bugs

References