CVE-2009-1701
Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.
Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) destruyendo un elemento document.body que tiene un contenedor XML no especificado con elementos que soportan el atributo dir.
This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user.
*Credits:
wushi&ling of team509
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-20 CVE Reserved
- 2009-06-08 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- 2024-09-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/55008 | Vdb Entry | |
| http://secunia.com/advisories/43068 | Third Party Advisory | |
| http://support.apple.com/kb/HT3639 | X_refsource_confirm |
|
| http://www.securityfocus.com/archive/1/504172/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/35325 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2009/1621 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0212 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/35260 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html | 2022-08-09 | |
| http://securitytracker.com/id?1022345 | 2022-08-09 | |
| http://support.apple.com/kb/HT3613 | 2022-08-09 | |
| http://www.vupen.com/english/advisories/2009/1522 | 2022-08-09 | |
| http://www.zerodayinitiative.com/advisories/ZDI-09-033 | 2022-08-09 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html | 2022-08-09 | |
| http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html | 2022-08-09 | |
| http://secunia.com/advisories/35379 | 2022-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.0 Search vendor "Apple" for product "Iphone Os" and version "1.0.0" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.0 Search vendor "Apple" for product "Iphone Os" and version "1.0.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.1 Search vendor "Apple" for product "Iphone Os" and version "1.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.1 Search vendor "Apple" for product "Iphone Os" and version "1.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.2 Search vendor "Apple" for product "Iphone Os" and version "1.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.0.2 Search vendor "Apple" for product "Iphone Os" and version "1.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.0 Search vendor "Apple" for product "Iphone Os" and version "1.1.0" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.0 Search vendor "Apple" for product "Iphone Os" and version "1.1.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.1 Search vendor "Apple" for product "Iphone Os" and version "1.1.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.1 Search vendor "Apple" for product "Iphone Os" and version "1.1.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.2 Search vendor "Apple" for product "Iphone Os" and version "1.1.2" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.2 Search vendor "Apple" for product "Iphone Os" and version "1.1.2" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.3 Search vendor "Apple" for product "Iphone Os" and version "1.1.3" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.3 Search vendor "Apple" for product "Iphone Os" and version "1.1.3" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.4 Search vendor "Apple" for product "Iphone Os" and version "1.1.4" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.4 Search vendor "Apple" for product "Iphone Os" and version "1.1.4" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.5 Search vendor "Apple" for product "Iphone Os" and version "1.1.5" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 1.1.5 Search vendor "Apple" for product "Iphone Os" and version "1.1.5" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0 Search vendor "Apple" for product "Iphone Os" and version "2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0 Search vendor "Apple" for product "Iphone Os" and version "2.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.0 Search vendor "Apple" for product "Iphone Os" and version "2.0.0" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.0 Search vendor "Apple" for product "Iphone Os" and version "2.0.0" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.1 Search vendor "Apple" for product "Iphone Os" and version "2.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.1 Search vendor "Apple" for product "Iphone Os" and version "2.0.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.2 Search vendor "Apple" for product "Iphone Os" and version "2.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.0.2 Search vendor "Apple" for product "Iphone Os" and version "2.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.1 Search vendor "Apple" for product "Iphone Os" and version "2.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.1 Search vendor "Apple" for product "Iphone Os" and version "2.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.1.1 Search vendor "Apple" for product "Iphone Os" and version "2.1.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.1.1 Search vendor "Apple" for product "Iphone Os" and version "2.1.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.2 Search vendor "Apple" for product "Iphone Os" and version "2.2" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.2 Search vendor "Apple" for product "Iphone Os" and version "2.2" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.2.1 Search vendor "Apple" for product "Iphone Os" and version "2.2.1" | - |
Affected
| in | Apple Search vendor "Apple" | Ipod Touch Search vendor "Apple" for product "Ipod Touch" | * | - |
Affected
|
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 2.2.1 Search vendor "Apple" for product "Iphone Os" and version "2.2.1" | - |
Affected
| in | Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | * | - |
Affected
|
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | <= 3.2.2 Search vendor "Apple" for product "Safari" and version " <= 3.2.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0 Search vendor "Apple" for product "Safari" and version "2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.0 Search vendor "Apple" for product "Safari" and version "2.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.1 Search vendor "Apple" for product "Safari" and version "2.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.2 Search vendor "Apple" for product "Safari" and version "2.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.8 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9.2 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.3 Search vendor "Apple" for product "Safari" and version "2.0.3" | 417.9.3 |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 2.0.4 Search vendor "Apple" for product "Safari" and version "2.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0 Search vendor "Apple" for product "Safari" and version "3.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0 Search vendor "Apple" for product "Safari" and version "3.0.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.0b Search vendor "Apple" for product "Safari" and version "3.0.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1 Search vendor "Apple" for product "Safari" and version "3.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1 Search vendor "Apple" for product "Safari" and version "3.0.1" | beta |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.1b Search vendor "Apple" for product "Safari" and version "3.0.1b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2 Search vendor "Apple" for product "Safari" and version "3.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.2b Search vendor "Apple" for product "Safari" and version "3.0.2b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3 Search vendor "Apple" for product "Safari" and version "3.0.3" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.3b Search vendor "Apple" for product "Safari" and version "3.0.3b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4 Search vendor "Apple" for product "Safari" and version "3.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.0.4b Search vendor "Apple" for product "Safari" and version "3.0.4b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0 Search vendor "Apple" for product "Safari" and version "3.1.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.0b Search vendor "Apple" for product "Safari" and version "3.1.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.1 Search vendor "Apple" for product "Safari" and version "3.1.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.1.2 Search vendor "Apple" for product "Safari" and version "3.1.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.0 Search vendor "Apple" for product "Safari" and version "3.2.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 3.2.1 Search vendor "Apple" for product "Safari" and version "3.2.1" | - |
Affected
| ||||||