// For flags

CVE-2009-1705

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.

CoreGraphics en Apple Safari anteriores a v4.0 en Windows no utiliza adecuadamente la aritmética durante la inicialización automática de las fuentes TrueType, lo que permite a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una fuente de datos manipulada.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-05-20 CVE Reserved
  • 2009-06-10 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2024-12-19 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-189: Numeric Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 <= 3.2.3
Search vendor "Apple" for product "Safari" and version " <= 3.2.3"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.0
Search vendor "Apple" for product "Safari" and version "3.0"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.0.1
Search vendor "Apple" for product "Safari" and version "3.0.1"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.0.2
Search vendor "Apple" for product "Safari" and version "3.0.2"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.0.3
Search vendor "Apple" for product "Safari" and version "3.0.3"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.0.4
Search vendor "Apple" for product "Safari" and version "3.0.4"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.1
Search vendor "Apple" for product "Safari" and version "3.1"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.1.1
Search vendor "Apple" for product "Safari" and version "3.1.1"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.1.2
Search vendor "Apple" for product "Safari" and version "3.1.2"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.2
Search vendor "Apple" for product "Safari" and version "3.2"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.2.1
Search vendor "Apple" for product "Safari" and version "3.2.1"
windows
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 3.2.2
Search vendor "Apple" for product "Safari" and version "3.2.2"
windows
Affected