9.3

CVE-2009-1690

Exploit

EPSS 12.22%
Published 10.06.2009 14:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

Affected products Warnungen 0 Metrics 2 CWE 0 References 31

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ Safari Editionmac Version <= 4.0_beta

Apple ≫ Safari Version0.8 Editionmac

Apple ≫ Safari Version0.9 Editionmac

Apple ≫ Safari Version1.0 Editionmac

Apple ≫ Safari Version1.0.3 Editionmac

Apple ≫ Safari Version1.1 Editionmac

Apple ≫ Safari Version1.2 Editionmac

Apple ≫ Safari Version1.3 Editionmac

Apple ≫ Safari Version1.3.1 Editionmac

Apple ≫ Safari Version1.3.2 Editionmac

Apple ≫ Safari Version2.0 Editionmac

Apple ≫ Safari Version2.0.2 Editionmac

Apple ≫ Safari Version2.0.4 Editionmac

Apple ≫ Safari Version3.0 Editionmac

Apple ≫ Safari Version3.0.2 Update- Editionmac

Apple ≫ Safari Version3.0.3 Editionmac

Apple ≫ Safari Version3.0.4 Editionmac

Apple ≫ Safari Version3.1 Editionmac

Apple ≫ Safari Version3.1.1 Editionmac

Apple ≫ Safari Version3.1.2 Editionmac

Apple ≫ Safari Version3.2.1 Editionmac

Apple ≫ Safari Version3.2.3 Editionmac

Apple ≫ Safari Editionwindows Version <= 3.2.3

Apple ≫ Safari Version3.0 Editionwindows

Apple ≫ Safari Version3.0.1 Editionwindows

Apple ≫ Safari Version3.0.2 Editionwindows

Apple ≫ Safari Version3.0.3 Editionwindows

Apple ≫ Safari Version3.0.4 Editionwindows

Apple ≫ Safari Version3.1 Editionwindows

Apple ≫ Safari Version3.1.1 Editionwindows

Apple ≫ Safari Version3.1.2 Editionwindows

Apple ≫ Safari Version3.2 Update- Editionwindows

Apple ≫ Safari Version3.2.1 Editionwindows

Apple ≫ Safari Version3.2.2 Editionwindows

Apple ≫ iPhone OS Version1.0

Apple ≫ iPhone OS Version1.0.0

Apple ≫ iPhone OS Version1.0.1

Apple ≫ iPhone OS Version1.0.1 Update- Editioniphone

Apple ≫ iPhone OS Version1.0.2

Apple ≫ iPhone OS Version1.0.2 Update- Editioniphone

Apple ≫ iPhone OS Version1.1

Apple ≫ iPhone OS Version1.1.0

Apple ≫ iPhone OS Version1.1.0 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.0 Update- Editionipodtouch

Apple ≫ iPhone OS Version1.1.1

Apple ≫ iPhone OS Version1.1.1 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.2

Apple ≫ iPhone OS Version1.1.2 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.2 Update- Editionipodtouch

Apple ≫ iPhone OS Version1.1.3

Apple ≫ iPhone OS Version1.1.3 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.3 Update- Editionipodtouch

Apple ≫ iPhone OS Version1.1.4

Apple ≫ iPhone OS Version1.1.4 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.4 Update- Editionipodtouch

Apple ≫ iPhone OS Version1.1.5

Apple ≫ iPhone OS Version1.1.5 Update- Editioniphone

Apple ≫ iPhone OS Version1.1.5 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.0

Apple ≫ iPhone OS Version2.0.0

Apple ≫ iPhone OS Version2.0.0 Update- Editioniphone

Apple ≫ iPhone OS Version2.0.0 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.0.1

Apple ≫ iPhone OS Version2.0.1 Update- Editioniphone

Apple ≫ iPhone OS Version2.0.1 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.0.2

Apple ≫ iPhone OS Version2.0.2 Update- Editioniphone

Apple ≫ iPhone OS Version2.0.2 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.1

Apple ≫ iPhone OS Version2.1 Update- Editioniphone

Apple ≫ iPhone OS Version2.1 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.2 Update- Editioniphone

Apple ≫ iPhone OS Version2.2 Update- Editionipodtouch

Apple ≫ iPhone OS Version2.2.1 Update- Editioniphone

Apple ≫ iPhone OS Version2.2.1 Update- Editionipodtouch

Google ≫ Chrome Version1.0.154.53

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	12.22%	0.936

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Patch

Vendor Advisory

http://secunia.com/advisories/35379

Vendor Advisory

http://support.apple.com/kb/HT3613

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1522

Patch

Vendor Advisory

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

Patch

Vendor Advisory

http://support.apple.com/kb/HT3639

Patch

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1621

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Vendor Advisory

http://secunia.com/advisories/36062

Vendor Advisory

http://secunia.com/advisories/36790

Vendor Advisory

http://secunia.com/advisories/37746

Vendor Advisory

http://www.debian.org/security/2009/dsa-1950

http://www.ubuntu.com/usn/USN-822-1

http://www.ubuntu.com/usn/USN-836-1

http://www.ubuntu.com/usn/USN-857-1

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html

http://www.securityfocus.com/bid/35260

Patch

Exploit

http://securitytracker.com/id?1022345

Patch

http://secunia.com/advisories/36057

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:330

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html

https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803

http://osvdb.org/54990

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009

https://nvd.nist.gov/vuln/detail/CVE-2009-1690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1690

EUVD