what you don't know can hurt you
Showing 1 - 4 of 4 RSS Feed

CVE-2009-1709

Status Candidate

Overview

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Related Files

Mandriva Linux Security Advisory 2010-182
Posted Sep 15, 2010
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-182 - Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches.

tags | advisory, remote, denial of service, arbitrary
systems | linux, apple, mandriva
advisories | CVE-2009-1709
MD5 | 055475e4227769ea0010aaf05f22048d
Mandriva Linux Security Advisory 2009-331
Posted Dec 11, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-331 - Multiple vulnerabilities have been found and corrected in kdegraphics.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0791, CVE-2009-0945, CVE-2009-1709
MD5 | 5195ba10f7cfdea5ea8065c269a9057d
Ubuntu Security Notice 823-1
Posted Aug 25, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-823-1 - It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2009-0945, CVE-2009-1709
MD5 | a5e8c4e33e255b6e59078899cb3e8c50
Zero Day Initiative Advisory 09-034
Posted Jun 9, 2009
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 09-034 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user.

tags | advisory, remote, arbitrary, javascript
systems | apple
advisories | CVE-2009-1709
MD5 | 6135b70ab03aa28488ec04c1b11866a1
Page 1 of 1
Back1Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    16 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    27 Files
  • 17
    Jul 17th
    7 Files
  • 18
    Jul 18th
    5 Files
  • 19
    Jul 19th
    12 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close