CVE-2009-1712: Code Injection
First published: Wed Jun 10 2009(Updated: )
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Safari | =1.1 | |
| Apple Safari | =1.3.1 | |
| Apple Safari | =3.2.3 | |
| Apple Safari | =2.0.2 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | =3.0 | |
| Apple Safari | =0.8 | |
| Apple Safari | =2.0 | |
| Apple Safari | =3.0.4 | |
| Apple Safari | =0.9 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =1.3.2 | |
| Apple Safari | =1.2 | |
| Apple Safari | <=4.0_beta | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =2.0.4 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =1.0.3 | |
| Apple Safari | =1.0 | |
| Apple Safari | =1.3 | |
| Apple Safari | =3.2 | |
| Apple Safari | =3.0.1 | |
| Apple Safari | =3.1.2 | |
| Apple Safari | <=3.2.3 | |
| Apple Safari | =3.0.3 | |
| Apple Safari | =3.0.2 | |
| Apple Safari | =3.1.1 | |
| Apple Safari | =3.0 | |
| Apple Safari | =3.1 | |
| Apple Safari | =3.2.2 | |
| Apple Safari | =3.2.1 | |
| Apple Safari | =3.0.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://secunia.com/advisories/35379
- http://support.apple.com/kb/HT3613
- http://securitytracker.com/id?1022345
- http://www.vupen.com/english/advisories/2009/1522
- http://www.securityfocus.com/bid/35260
- http://osvdb.org/55022
- http://www.securityfocus.com/bid/35350
- http://secunia.com/advisories/37746
- http://www.debian.org/security/2009/dsa-1950
- http://www.ubuntu.com/usn/USN-857-1
- http://www.ubuntu.com/usn/USN-836-1
- http://secunia.com/advisories/36790
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://www.vupen.com/english/advisories/2011/0212
- http://secunia.com/advisories/43068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51266
Frequently Asked Questions
What is the severity of CVE-2009-1712?
CVE-2009-1712 is considered a high-severity vulnerability as it allows remote attackers to execute arbitrary code and gain privileges.
How do I fix CVE-2009-1712?
To fix CVE-2009-1712, users should upgrade Apple Safari to version 4.0 or later.
What versions of Safari are affected by CVE-2009-1712?
CVE-2009-1712 affects multiple versions of Safari prior to 4.0, including versions 1.0 through 3.2.3.
What types of attacks does CVE-2009-1712 allow?
CVE-2009-1712 allows remote attackers to execute arbitrary code, gain elevated privileges, or obtain sensitive information.
Is there a patch available for CVE-2009-1712?
Yes, Apple released a patch for CVE-2009-1712 in Safari version 4.0.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-historical
- collector/nvd-index
- vendor/apple
- canonical/apple safari
- version/apple safari/1.1
- version/apple safari/1.3.1
- version/apple safari/3.2.3
- version/apple safari/2.0.2
- version/apple safari/3.1
- version/apple safari/3.1.2
- version/apple safari/3.0
- version/apple safari/0.8
- version/apple safari/2.0
- version/apple safari/3.0.4
- version/apple safari/0.9
- version/apple safari/3.0.3
- version/apple safari/1.3.2
- version/apple safari/1.2
- version/apple safari/4.0_beta
- version/apple safari/3.2.1
- version/apple safari/3.0.2
- version/apple safari/2.0.4
- version/apple safari/3.1.1
- version/apple safari/1.0.3
- version/apple safari/1.0
- version/apple safari/1.3
- version/apple safari/3.2
- version/apple safari/3.0.1
- version/apple safari/3.2.2