// For flags

CVE-2009-1701

Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.

Vulnerabilidad de uso después de la liberación en la implementación en WebKit en Apple Safari anteriores a v4.0, permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de la aplicación) destruyendo un elemento document.body que tiene un contenedor XML no especificado con elementos que soportan el atributo dir.

This vulnerability allows attackers to execute arbitrary code on vulnerable software utilizing the Apple WebKit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
The specific flaw exists when the document.body element contains a specific XML container containing various elements supporting the 'dir' attribute. During the destruction of this element, if the rendering object responsible for the element is being removed, the application will then make a call to a method for an object that doesn't exist which can lead to code execution under the context of the current user.

*Credits: wushi&ling of team509
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-05-20 CVE Reserved
  • 2009-06-08 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-10-07 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.0
Search vendor "Apple" for product "Iphone Os" and version "1.0.0"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.0
Search vendor "Apple" for product "Iphone Os" and version "1.0.0"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.1
Search vendor "Apple" for product "Iphone Os" and version "1.0.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.1
Search vendor "Apple" for product "Iphone Os" and version "1.0.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.2
Search vendor "Apple" for product "Iphone Os" and version "1.0.2"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.0.2
Search vendor "Apple" for product "Iphone Os" and version "1.0.2"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.0
Search vendor "Apple" for product "Iphone Os" and version "1.1.0"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.0
Search vendor "Apple" for product "Iphone Os" and version "1.1.0"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.1
Search vendor "Apple" for product "Iphone Os" and version "1.1.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.1
Search vendor "Apple" for product "Iphone Os" and version "1.1.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.2
Search vendor "Apple" for product "Iphone Os" and version "1.1.2"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.2
Search vendor "Apple" for product "Iphone Os" and version "1.1.2"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.3
Search vendor "Apple" for product "Iphone Os" and version "1.1.3"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.3
Search vendor "Apple" for product "Iphone Os" and version "1.1.3"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.4
Search vendor "Apple" for product "Iphone Os" and version "1.1.4"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.4
Search vendor "Apple" for product "Iphone Os" and version "1.1.4"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.5
Search vendor "Apple" for product "Iphone Os" and version "1.1.5"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
1.1.5
Search vendor "Apple" for product "Iphone Os" and version "1.1.5"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0
Search vendor "Apple" for product "Iphone Os" and version "2.0"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0
Search vendor "Apple" for product "Iphone Os" and version "2.0"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.0
Search vendor "Apple" for product "Iphone Os" and version "2.0.0"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.0
Search vendor "Apple" for product "Iphone Os" and version "2.0.0"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.1
Search vendor "Apple" for product "Iphone Os" and version "2.0.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.1
Search vendor "Apple" for product "Iphone Os" and version "2.0.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.2
Search vendor "Apple" for product "Iphone Os" and version "2.0.2"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.0.2
Search vendor "Apple" for product "Iphone Os" and version "2.0.2"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.1
Search vendor "Apple" for product "Iphone Os" and version "2.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.1
Search vendor "Apple" for product "Iphone Os" and version "2.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.1.1
Search vendor "Apple" for product "Iphone Os" and version "2.1.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.1.1
Search vendor "Apple" for product "Iphone Os" and version "2.1.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.2
Search vendor "Apple" for product "Iphone Os" and version "2.2"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.2
Search vendor "Apple" for product "Iphone Os" and version "2.2"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.2.1
Search vendor "Apple" for product "Iphone Os" and version "2.2.1"
-
Affected
in Apple
Search vendor "Apple"
Ipod Touch
Search vendor "Apple" for product "Ipod Touch"
*-
Affected
Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
2.2.1
Search vendor "Apple" for product "Iphone Os" and version "2.2.1"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
<= 3.2.2
Search vendor "Apple" for product "Safari" and version " <= 3.2.2"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0
Search vendor "Apple" for product "Safari" and version "2.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.0
Search vendor "Apple" for product "Safari" and version "2.0.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.1
Search vendor "Apple" for product "Safari" and version "2.0.1"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.2
Search vendor "Apple" for product "Safari" and version "2.0.2"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.3
Search vendor "Apple" for product "Safari" and version "2.0.3"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.3
Search vendor "Apple" for product "Safari" and version "2.0.3"
417.8
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.3
Search vendor "Apple" for product "Safari" and version "2.0.3"
417.9
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.3
Search vendor "Apple" for product "Safari" and version "2.0.3"
417.9.2
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.3
Search vendor "Apple" for product "Safari" and version "2.0.3"
417.9.3
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
2.0.4
Search vendor "Apple" for product "Safari" and version "2.0.4"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0
Search vendor "Apple" for product "Safari" and version "3.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.0
Search vendor "Apple" for product "Safari" and version "3.0.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.0b
Search vendor "Apple" for product "Safari" and version "3.0.0b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.1
Search vendor "Apple" for product "Safari" and version "3.0.1"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.1
Search vendor "Apple" for product "Safari" and version "3.0.1"
beta
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.1b
Search vendor "Apple" for product "Safari" and version "3.0.1b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.2
Search vendor "Apple" for product "Safari" and version "3.0.2"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.2b
Search vendor "Apple" for product "Safari" and version "3.0.2b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.3
Search vendor "Apple" for product "Safari" and version "3.0.3"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.3b
Search vendor "Apple" for product "Safari" and version "3.0.3b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.4
Search vendor "Apple" for product "Safari" and version "3.0.4"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.0.4b
Search vendor "Apple" for product "Safari" and version "3.0.4b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.1.0
Search vendor "Apple" for product "Safari" and version "3.1.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.1.0b
Search vendor "Apple" for product "Safari" and version "3.1.0b"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.1.1
Search vendor "Apple" for product "Safari" and version "3.1.1"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.1.2
Search vendor "Apple" for product "Safari" and version "3.1.2"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.2.0
Search vendor "Apple" for product "Safari" and version "3.2.0"
-
Affected
Apple
Search vendor "Apple"
Safari
Search vendor "Apple" for product "Safari"
3.2.1
Search vendor "Apple" for product "Safari" and version "3.2.1"
-
Affected