CVE-2009-0945 – Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. WebKit, utilizado en Safari anterior a v3.2.3 y v4 Public Beta, en Apple Mac OS X v10.4.11 y v10.5 y anteriores a v10.5.7 y Windows permite a atacantes remotos ejecutar código arbitrario a través de un objeto elaborado SVGList que provoca una corrupción de memoria. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists during the parsing of malformed SVGLists via the SVGPathList data structure, the following lists are affected: SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, SVGLengthList. When a negative index argument is suppled to the insertItemBefore() method, a memory corruption occurs resulting in the ability to execute arbitrary code. • http://code.google.com/p/chromium/issues/detail?id=9019 http://googlechromereleases.blogspot.com/2009/05/stable-update-bug-fix.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-476: NULL Pointer Dereference •
CVE-2009-0946 – freetype: multiple integer overflows
https://notcve.org/view.php?id=CVE-2009-0946
Multiple integer overflows in FreeType 2.3.9 and earlier allow remote attackers to execute arbitrary code via vectors related to large values in certain inputs in (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, and (3) cff/cffload.c. Múltiples desbordamientos de entero en FreeType v2.3.9 y anteriores permiten a atacantes remotos ejecutar código de su elección mediante vectores relacionados con valores grandes en ciertas entradas en (1) smooth/ftsmooth.c, (2) sfnt/ttcmap.c, y (3) cff/cffload.c. • http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0545ec1ca36b27cb928128870a83e5f668980bc5 http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=79972af4f0485a11dcb19551356c45245749fc5b http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a18788b14db60ae3673f932249cd02d33a227c4e http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.apple.com/archives/security-announce/2009/May/msg • CWE-190: Integer Overflow or Wraparound •
CVE-2009-1233 – Apple Safari 3.2.2/4b - nested elements XML Parsing Remote Crash
https://notcve.org/view.php?id=CVE-2009-1233
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. Apple Safari v3.2.2 y v4 Beta en Windows permite a atacantes remotos producir una denegación de servicio (caída de aplicación) a través de un documento XML que contiene elementos "A" anidados. • https://www.exploit-db.com/exploits/8325 http://www.securityfocus.com/bid/34318 https://exchange.xforce.ibmcloud.com/vulnerabilities/49527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5559 • CWE-20: Improper Input Validation •
CVE-2009-0744 – Apple Safari 4 - 'feeds:' URI Null Pointer Dereference Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0744
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character. Apple Safari v4 beta Build 528,16 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída de la aplicación) a través de los canales: URI que comienzen con (1)% (por ciento), (2) ((abrir paréntesis), (3) ) (Cerrar paréntesis), (4) ^ (acento doble), (5) '(comilla), o (6) | (entubamiento), seguido de un & carácter (ampersand). • https://www.exploit-db.com/exploits/32817 http://www.securityfocus.com/archive/1/501229/100/0/threaded http://www.securityfocus.com/bid/33909 https://exchange.xforce.ibmcloud.com/vulnerabilities/48943 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6066 • CWE-20: Improper Input Validation •
CVE-2009-0321 – Apple Safari For Windows 3.2.1 - URI Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-0321
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. Apple Safari v3.2.1 (también conocido como AppVer 3.525.27.1) sobre Windows, permite a atacantes remotos provocar una denegación de servicio (bucle infinito o violación de acceso) a través de un enlace a una URI http en la que la "porción de autoridad" (también conocido como hostname) es cualquier secuencia (1) . (punto) o (2) .. • https://www.exploit-db.com/exploits/32761 http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html http://www.securityfocus.com/bid/33481 https://exchange.xforce.ibmcloud.com/vulnerabilities/48284 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •