Vulnerabilities > CVE-2009-1692 - Resource Management Errors vulnerability in Apple Iphone OS, Ipod Touch and Safari

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
apple
CWE-399
nessus
exploit available

Summary

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Common Weakness Enumeration (CWE)

Exploit-Db

idEDB-ID:9160

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1950.NASL
    descriptionSeveral vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
    last seen2020-06-01
    modified2020-06-02
    plugin id44815
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44815
    titleDebian DSA-1950-1 : webkit - several vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_2_0_172_37.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 2.0.172.37. Such versions are reportedly affected by multiple issues : - A heap overflow exists when evaluating specially crafted regular expressions in JavaScript. This could lead to a denial of service or the execution of arbitrary code within the Google Chrome sandbox. (Issue 14719) - A memory corruption issue exists in the renderer process that could cause a denial of service or possibly allow arbitrary code execution with the privileges of the logged on user. (CVE-2009-2556) - Creating a Select object with a very large length can result in memory exhaustion, causing a denial of service.
    last seen2020-06-01
    modified2020-06-02
    plugin id39852
    published2009-07-17
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39852
    titleGoogle Chrome < 2.0.172.37 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-027.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id48170
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48170
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-028.NASL
    descriptionMultiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \
    last seen2020-06-01
    modified2020-06-02
    plugin id48171
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48171
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBWEBKIT-110111.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id53764
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53764
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBWEBKIT-110104.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id75629
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75629
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/79310/GSEC-TZO-26-2009.txt
idPACKETSTORM:79310
last seen2016-12-05
published2009-07-17
reporterThierry Zoller
sourcehttps://packetstormsecurity.com/files/79310/ECMAScript-Denial-Of-Service.html
titleECMAScript Denial Of Service

Seebug

bulletinFamilyexploit
descriptionNo description provided by source.
idSSV:14826
last seen2017-11-19
modified2009-07-15
published2009-07-15
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-14826
titleMultiple Web Browsers Denial of Service Exploit (1 bug to rule them all)