ID

VAR-200901-0302


CVE

CVE-2009-0070


TITLE

Apple Safari integer signedness error vulnerability allowing arbitrary memory locations to be read and denial of service (DoS)

Trust: 0.8

sources: JVNDB: JVNDB-2009-001649

DESCRIPTION

Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307. This vulnerability is related to CVE-2008-2307. Apple iPhone and iPod touch are prone to multiple remote vulnerabilities: 1. A vulnerability that may allow users to spoof websites. 2. 3. 4. Successfully exploiting these issues may allow attackers to execute arbitrary code, crash the affected application, obtain sensitive information, or direct unsuspecting victims to a spoofed site; other attacks are also possible. These issues affect iPhone 1.0 through 1.1.4 and iPod touch 1.1 through 1.1.4. Apple Safari has an integer signedness error vulnerability.

Trust: 1.98

sources: NVD: CVE-2009-0070 // JVNDB: JVNDB-2009-001649 // BID: 30186 // VULHUB: VHN-37516

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: -, version: -

Trust: 1.4

vendor: apple, model: safari, scope: eq, version: *

Trust: 1.0

vendor: apple, model: safari for windows, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.4

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.3

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.2

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1.1

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.4

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.3

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.2

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.0.2

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.0.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 1

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: ipod touch, scope: ne, version: 2.0

Trust: 0.3

vendor: apple, model: iphone, scope: ne, version: 2.0

Trust: 0.3

sources: BID: 30186 // JVNDB: JVNDB-2009-001649 // CNNVD: CNNVD-200901-087 // NVD: CVE-2009-0070

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-0070
value: HIGH

Trust: 1.0

NVD: CVE-2009-0070
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200901-087
value: CRITICAL

Trust: 0.6

VULHUB: VHN-37516
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-0070
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-37516
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-37516 // JVNDB: JVNDB-2009-001649 // CNNVD: CNNVD-200901-087 // NVD: CVE-2009-0070

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-37516 // JVNDB: JVNDB-2009-001649 // NVD: CVE-2009-0070

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200901-087

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200901-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001649

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37516

PATCH

title: HT1222, url: http://support.apple.com/kb/HT1222

Trust: 0.8

title: Apple Safari Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156688

Trust: 0.6

sources: JVNDB: JVNDB-2009-001649 // CNNVD: CNNVD-200901-087

EXTERNAL IDS

db: NVD, id: CVE-2009-0070

Trust: 2.8

db: EXPLOIT-DB, id: 7673

Trust: 1.7

db: JVNDB, id: JVNDB-2009-001649

Trust: 0.8

db: CNNVD, id: CNNVD-200901-087

Trust: 0.7

db: MILW0RM, id: 7673

Trust: 0.6

db: XF, id: 48214

Trust: 0.6

db: BID, id: 30186

Trust: 0.3

db: VULHUB, id: VHN-37516

Trust: 0.1

sources: VULHUB: VHN-37516 // BID: 30186 // JVNDB: JVNDB-2009-001649 // CNNVD: CNNVD-200901-087 // NVD: CVE-2009-0070

REFERENCES

url:https://www.exploit-db.com/exploits/7673

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/48214

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0070

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-0070

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/48214

Trust: 0.6

url:http://www.milw0rm.com/exploits/7673

Trust: 0.6

url:http://www.apple.com/iphone/

Trust: 0.3

url:http://www.apple.com/ipodtouch/

Trust: 0.3

url:/archive/1/494777

Trust: 0.3

url:http://support.apple.com/kb/ht2351

Trust: 0.3

url:http://support.apple.com/kb/ht3298

Trust: 0.3

sources: VULHUB: VHN-37516 // BID: 30186 // JVNDB: JVNDB-2009-001649 // CNNVD: CNNVD-200901-087 // NVD: CVE-2009-0070

CREDITS

Jonathan Rom Hiromitsu Takagi SkyLined

Trust: 0.6

sources: CNNVD: CNNVD-200901-087

SOURCES

db: VULHUB, id: VHN-37516
db: BID, id: 30186
db: JVNDB, id: JVNDB-2009-001649
db: CNNVD, id: CNNVD-200901-087
db: NVD, id: CVE-2009-0070

LAST UPDATE DATE

2025-04-10T20:59:36.732000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-37516, date: 2017-09-29T00:00:00
db: BID, id: 30186, date: 2009-06-09T16:49:00
db: JVNDB, id: JVNDB-2009-001649, date: 2009-07-08T00:00:00
db: CNNVD, id: CNNVD-200901-087, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2009-0070, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-37516, date: 2009-01-08T00:00:00
db: BID, id: 30186, date: 2008-07-11T00:00:00
db: JVNDB, id: JVNDB-2009-001649, date: 2009-07-08T00:00:00
db: CNNVD, id: CNNVD-200901-087, date: 2008-07-11T00:00:00
db: NVD, id: CVE-2009-0070, date: 2009-01-08T19:30:11.280