CVE-2009-1704
Safari < 4.0 - Remote Code Execution via Misinterpreted Image File
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.
References (8)
Core References
http://www.securityfocus.com/bid/35344 - Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid)
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html - Patch, Vendor Advisory (vendor-advisory, x_refsource_apple)
http://www.securityfocus.com/bid/35260 - Exploit (vdb-entry, x_refsource_bid)
http://securitytracker.com/id?1022343 - Patch (vdb-entry, x_refsource_sectrack)
http://www.vupen.com/english/advisories/2009/1522 - Patch, Vendor Advisory (vdb-entry, x_refsource_vupen)
http://secunia.com/advisories/35379 - Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://support.apple.com/kb/HT3613 - Patch, Vendor Advisory (x_refsource_confirm)
http://osvdb.org/55010 - Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb)
Scores
EPSS: 0.0255
EPSS Percentile: 83.1%
Details
CWE: CWE-94
Status: published
Products (26)
apple/safari 0.8
apple/safari 0.9
apple/safari 1.0
apple/safari 1.0.3
apple/safari 1.1
apple/safari 1.2
apple/safari 1.3
apple/safari 1.3.1
apple/safari 1.3.2
apple/safari 2.0
... and 16 more
Published: Jun 10, 2009
Tracked Since: Feb 18, 2026