CVE-2009-1704: Code Injection
First published: Wed Jun 10 2009(Updated: )
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | =1.1 | |
| Apple Safari | =1.3.1 | |
| Apple Safari | =3.2.3 | |
| Apple Safari | =2.0.2 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | =3.0 | |
| Apple Safari | =0.8 | |
| Apple Safari | =2.0 | |
| Apple Safari | =3.0.4 | |
| Apple Safari | =0.9 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =1.3.2 | |
| Apple Safari | =1.2 | |
| Apple Safari | <=4.0_beta | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =2.0.4 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =1.0.3 | |
| Apple Safari | =1.0 | |
| Apple Safari | =1.3 | |
| Apple Safari | =3.2 | |
| Apple Safari | =3.0.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | <=3.2.3 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =3.0 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.2.2 | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2009/1522
- http://www.securityfocus.com/bid/35260
- http://secunia.com/advisories/35379
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://support.apple.com/kb/HT3613
- http://securitytracker.com/id?1022343
- http://osvdb.org/55010
- http://www.securityfocus.com/bid/35344
Frequently Asked Questions
What is the severity of CVE-2009-1704?
CVE-2009-1704 is considered a high severity vulnerability due to its ability to execute arbitrary JavaScript code through manipulated image files.
How do I fix CVE-2009-1704?
To fix CVE-2009-1704, upgrade to Apple Safari version 4.0 or later, which addresses this vulnerability.
What versions of Safari are affected by CVE-2009-1704?
CVE-2009-1704 affects multiple versions of Safari up to 3.2.3, including versions 1.1, 1.3.1, and 2.0.2.
What type of attack can CVE-2009-1704 facilitate?
CVE-2009-1704 can facilitate remote code execution attacks by allowing attackers to run JavaScript via compromised image files.
Is CVE-2009-1704 specific to any operating system?
CVE-2009-1704 affects Apple Safari on both Mac and Windows operating systems.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/apple
- canonical/apple safari
- version/apple safari/1.1
- version/apple safari/1.3.1
- version/apple safari/3.2.3
- version/apple safari/2.0.2
- version/apple safari/3.1
- version/apple safari/3.1.2
- version/apple safari/3.0
- version/apple safari/0.8
- version/apple safari/2.0
- version/apple safari/3.0.4
- version/apple safari/0.9
- version/apple safari/3.0.3
- version/apple safari/1.3.2
- version/apple safari/1.2
- version/apple safari/4.0_beta
- version/apple safari/3.2.1
- version/apple safari/3.0.2
- version/apple safari/2.0.4
- version/apple safari/3.1.1
- version/apple safari/1.0.3
- version/apple safari/1.0
- version/apple safari/1.3
- version/apple safari/3.2
- version/apple safari/3.0.1
- version/apple safari/3.2.2