Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiAnonymousZDI-09-034
HistoryJun 08, 2009 - 12:00 a.m.

Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability

2009-06-0800:00:00
Anonymous
www.zerodayinitiative.com
16

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user.

Related

openvas 16
ubuntucve 1
nessus 12
cve 1
prion 1
securityvulns 2
debiancve 1
veracode 1
altlinux 1
debian 1
redhat 1
ubuntu 1
osv 1
centos 1
seebug 1
openvas
openvas
Mandriva Update for kdegraphics MDVSA-2010:182 (kdegraphics)
2010-09-22 00:00:00
Mandriva Update for kdegraphics MDVSA-2010:182 (kdegraphics)
2010-09-22 00:00:00
Ubuntu: Security Advisory (USN-823-1)
2009-09-02 00:00:00
ubuntucve
ubuntucve
CVE-2009-1709
2009-06-10 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : kdegraphics (MDVSA-2010:182)
2010-09-16 00:00:00
Debian DSA-1866-1 : kdegraphics - several vulnerabilities
2010-02-24 00:00:00
RHEL 5 : kdegraphics (RHSA-2009:1130)
2009-06-26 00:00:00
cve
cve
CVE-2009-1709
2009-06-10 18:00:00
prion
prion
Design/Logic Flaw
2009-06-10 18:00:00
securityvulns
securityvulns
ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability
2009-06-09 00:00:00
WebKit / Apple Safari multiple security vulnerabilities
2009-06-23 00:00:00
debiancve
debiancve
CVE-2009-1709
2009-06-10 18:00:00
veracode
veracode
Use After Free
2020-04-10 00:39:15
altlinux
altlinux
Security fix for the ALT Linux 5 package kdegraphics version 3.5.10-alt4
2009-12-24 00:00:00
debian
debian
[SECURITY] [DSA 1866-1] New kdegraphics packages fix several vulnerabilities
2009-08-19 12:33:15
redhat
redhat
(RHSA-2009:1130) Critical: kdegraphics security update
2009-06-25 00:00:00
ubuntu
ubuntu
KDE-Graphics vulnerabilities
2009-08-24 00:00:00
osv
osv
kdegraphics - several vulnerabilities
2009-08-19 00:00:00
centos
centos
kdegraphics security update
2009-06-26 14:06:51
seebug
seebug
Apple Safari 4.0多个安全漏洞
2009-06-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.5%

JSON
Related for ZDI-09-034
openvas16ubuntucve1nessus12cve1prion1securityvulns2debiancve1veracode1altlinux1debian1redhat1ubuntu1osv1centos1seebug1