CVE-2009-1692 Information

Description

WebKit before r41741 as used in Apple iPhone OS 1.0 through 2.2.1 iPhone OS for iPod touch 1.1 through 2.2.1 Safari and other software allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute related to the length property of a Select object.

Reference

http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html121 http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55242 http://secunia.com/advisories/36977 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3639 http://www.debian.org/security/2009/dsa-1950 http://www.g-sec.lu/one-bug-to-rule-them-all.html http://www.securityfocus.com/archive/1/504969/100/0/threaded http://www.securityfocus.com/archive/1/504988/100/0/threaded http://www.securityfocus.com/archive/1/504989/100/0/threaded http://www.securityfocus.com/archive/1/505006/100/0/threaded http://www.securityfocus.com/bid/35414 http://www.securityfocus.com/bid/35446 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212 https://bugs.webkit.org/show_bug.cgi?id=23319 https://www.exploit-db.com/exploits/9160