CVE-2009-1692

iPhone OS 1.0-2.2.1 and iPod touch 1.1-2.2.1 - Denial of Service via HTMLSelectElement Length Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1692. PoCs published by Thierry Zoller.

AI-analyzed exploit summary This is a detailed technical analysis of CVE-2009-2542, a DoS vulnerability affecting multiple browsers and devices due to improper handling of the select() method with a large integer, leading to memory exhaustion. The writeup includes root cause analysis, affected products, patch status, and a proof-of-concept.

Description

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Thierry Zoller · textdosmultiple
https://www.exploit-db.com/exploits/9160

This is a detailed technical analysis of CVE-2009-2542, a DoS vulnerability affecting multiple browsers and devices due to improper handling of the select() method with a large integer, leading to memory exhaustion. The writeup includes root cause analysis, affected products, patch status, and a proof-of-concept.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Multiple browsers (IE5-8, Firefox, Chrome, Opera, Safari, etc.) and devices (iPhone, PS3, Wii, etc.)
No auth needed
Prerequisites: Browser or device with JavaScript support
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (20)

Core 20
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3639
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35446
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/9160
Various Sources x_refsource_misc
http://www.g-sec.lu/one-bug-to-rule-them-all.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43068
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1621
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0212
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35414
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504988/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37746
Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36977
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1950
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505006/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55242
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504969/100/0/threaded
Various Sources x_refsource_misc
https://bugs.webkit.org/show_bug.cgi?id=23319
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504989/100/0/threaded

Scores

EPSS 0.0424
EPSS Percentile 89.7%

Details

CWE
CWE-399
Status published
Products (20)
apple/iphone_os 1.0.0
apple/iphone_os 1.0.1
apple/iphone_os 1.0.2
apple/iphone_os 1.1.0
apple/iphone_os 1.1.1
apple/iphone_os 1.1.2
apple/iphone_os 1.1.3
apple/iphone_os 1.1.4
apple/iphone_os 1.1.5
apple/iphone_os 2.0
... and 10 more
Published Jun 19, 2009
Tracked Since Feb 18, 2026