CVE-2009-1704

Safari < 4.0 - Remote Code Execution via Misinterpreted Image File

Title source: llm

Description

CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

References (8)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35344
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35260
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022343
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1522
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35379
Patch, Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3613
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/55010

Scores

EPSS 0.0255
EPSS Percentile 83.1%

Details

CWE
CWE-94
Status published
Products (26)
apple/safari 0.8
apple/safari 0.9
apple/safari 1.0
apple/safari 1.0.3
apple/safari 1.1
apple/safari 1.2
apple/safari 1.3
apple/safari 1.3.1
apple/safari 1.3.2
apple/safari 2.0
... and 16 more
Published Jun 10, 2009
Tracked Since Feb 18, 2026