ID

VAR-200903-0492


CVE

CVE-2009-1042


TITLE

Apple Safari running on Mac OS vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2009-001461

DESCRIPTION

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. Apple Safari is prone to an unspecified remote code-execution vulnerability. This issue was demonstrated at the CanSecWest 2009 conference. Technical details are not yet available; we will update this BID as more information emerges. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions. Safari is the web browser bundled by default with the Apple family of operating systems.

Trust: 1.98

sources: NVD: CVE-2009-1042 // JVNDB: JVNDB-2009-001461 // BID: 34183 // VULHUB: VHN-38488

AFFECTED PRODUCTS

vendor: apple  model: safari  scope: -  version: -

Trust: 1.4

vendor: apple  model: safari  scope: eq  version: *

Trust: 1.0

vendor: apple  model: mac os x  scope: eq  version: 10.5.6

Trust: 0.8

vendor: apple  model: safari for windows  scope: eq  version: 3.2.2

Trust: 0.3

vendor: apple  model: safari for windows  scope: eq  version: 3.1.2

Trust: 0.3

vendor: apple  model: safari  scope: eq  version: 3.1.2

Trust: 0.3

vendor: apple  model: safari for windows  scope: eq  version: 3.1.1

Trust: 0.3

vendor: apple  model: safari  scope: eq  version: 3.1.1

Trust: 0.3

vendor: apple  model: safari  scope: eq  version: 3.2

Trust: 0.3

vendor: apple  model: safari for windows  scope: eq  version: 3.1

Trust: 0.3

vendor: apple  model: safari  scope: eq  version: 3.1

Trust: 0.3

vendor: apple  model: safari  scope: eq  version: 3

Trust: 0.3

sources: BID: 34183 // JVNDB: JVNDB-2009-001461 // CNNVD: CNNVD-200903-373 // NVD: CVE-2009-1042

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1042
value: HIGH

Trust: 1.0

NVD: CVE-2009-1042
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200903-373
value: CRITICAL

Trust: 0.6

VULHUB: VHN-38488
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-1042
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2009-1042
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-38488
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-38488 // JVNDB: JVNDB-2009-001461 // CNNVD: CNNVD-200903-373 // NVD: CVE-2009-1042

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-1042

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-373

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200903-373

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001461

PATCH

title: Top Page  url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001461

EXTERNAL IDS

db: NVD  id: CVE-2009-1042

Trust: 2.5

db: BID  id: 34183

Trust: 2.0

db: OSVDB  id: 52888

Trust: 1.7

db: SECTRACK  id: 1021879

Trust: 1.7

db: JVNDB  id: JVNDB-2009-001461

Trust: 0.8

db: CNNVD  id: CNNVD-200903-373

Trust: 0.7

db: XF  id: 49388

Trust: 0.6

db: VULHUB  id: VHN-38488

Trust: 0.1

sources: VULHUB: VHN-38488 // BID: 34183 // JVNDB: JVNDB-2009-001461 // CNNVD: CNNVD-200903-373 // NVD: CVE-2009-1042

REFERENCES

url: http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits

Trust: 2.0

url: http://www.h-online.com/security/pwn2own-2009-safari-ie-8-and-firefox-exploited--/news/112889

Trust: 2.0

url: http://www.securityfocus.com/bid/34183

Trust: 1.7

url: http://blogs.zdnet.com/security/?p=2934

Trust: 1.7

url: http://cansecwest.com/index.html

Trust: 1.7

url: http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009

Trust: 1.7

url: http://news.cnet.com/8301-1009_3-10199652-83.html

Trust: 1.7

url: http://twitter.com/tippingpoint1/status/1351485521

Trust: 1.7

url: http://osvdb.org/52888

Trust: 1.7

url: http://www.securitytracker.com/id?1021879

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/49388

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1042

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1042

Trust: 0.8

url: http://xforce.iss.net/xforce/xfdb/49388

Trust: 0.6

url: http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-38488 // BID: 34183 // JVNDB: JVNDB-2009-001461 // CNNVD: CNNVD-200903-373 // NVD: CVE-2009-1042

CREDITS

Nils

Trust: 0.9

sources: BID: 34183 // CNNVD: CNNVD-200903-373

SOURCES

db: VULHUB  id: VHN-38488
db: BID  id: 34183
db: JVNDB  id: JVNDB-2009-001461
db: CNNVD  id: CNNVD-200903-373
db: NVD  id: CVE-2009-1042

LAST UPDATE DATE

2025-04-10T22:36:58.154000+00:00


SOURCES UPDATE DATE

db: VULHUB  id: VHN-38488  date: 2017-08-17T00:00:00
db: BID  id: 34183  date: 2009-03-19T17:06:00
db: JVNDB  id: JVNDB-2009-001461  date: 2009-06-30T00:00:00
db: CNNVD  id: CNNVD-200903-373  date: 2009-04-08T00:00:00
db: NVD  id: CVE-2009-1042  date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB  id: VHN-38488  date: 2009-03-23T00:00:00
db: BID  id: 34183  date: 2009-03-19T00:00:00
db: JVNDB  id: JVNDB-2009-001461  date: 2009-06-30T00:00:00
db: CNNVD  id: CNNVD-200903-373  date: 2009-03-23T00:00:00
db: NVD  id: CVE-2009-1042  date: 2009-03-23T14:19:12.547