CVE-2009-1725 Information
Description
WebKit in Apple Safari before 4.0.2 as used on iPhone OS before 3.1 iPhone OS before 3.1.1 for iPod touch and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Reference
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://osvdb.org/55739 http://secunia.com/advisories/35758 http://secunia.com/advisories/36057 http://secunia.com/advisories/36062 http://secunia.com/advisories/36347 http://secunia.com/advisories/36677 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT3666 http://support.apple.com/kb/HT3860 http://websvn.kde.org/?view=rev&revision=1002162 http://websvn.kde.org/?view=rev&revision=1002163 http://websvn.kde.org/?view=rev&revision=1002164 http://www.debian.org/security/2009/dsa-1950 http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 http://www.securityfocus.com/bid/35607 http://www.securitytracker.com/id?1022526 http://www.ubuntu.com/usn/USN-836-1 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1827 http://www.vupen.com/english/advisories/2011/0212 https://bugzilla.redhat.com/show_bug.cgi?id=513813 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A5777 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
Share on: