Details of VAR-200903-0526

ID

VAR-200903-0526

CVE

CVE-2009-1060

TITLE

Apple Safari In Vulnerability in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2009-001466

DESCRIPTION

Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Charlie Miller during a PWN2OWN competition at CanSecWest 2009. Apple Safari is prone to an unspecified remote code-execution vulnerability. This issue was demonstrated at the CanSecWest 2009 conference. Technical details are not yet available; we will update this BID as more information emerges. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions. Safari is the web browser bundled by default in the Apple family operating system

Trust: 1.98

sources: NVD: CVE-2009-1060 // JVNDB: JVNDB-2009-001466 // BID: 34179 // VULHUB: VHN-38506

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	safari	scope:	eq	version:	*	Trust: 1.0
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.2.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	safari for windows	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	3	Trust: 0.3

sources: BID: 34179 // JVNDB: JVNDB-2009-001466 // CNNVD: CNNVD-200903-394 // NVD: CVE-2009-1060

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2009-1060
value:	HIGH
Trust: 1.0
NVD:	CVE-2009-1060
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200903-394
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-38506
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2009-1060
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-38506
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-38506 // JVNDB: JVNDB-2009-001466 // CNNVD: CNNVD-200903-394 // NVD: CVE-2009-1060

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-1060

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200903-394

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200903-394

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001466

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-001466

EXTERNAL IDS

db:	NVD	id:	CVE-2009-1060	Trust: 2.8
db:	BID	id:	34179	Trust: 2.0
db:	OSVDB	id:	52888	Trust: 1.7
db:	SECTRACK	id:	1021879	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-001466	Trust: 0.8
db:	XF	id:	49463	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	CNNVD	id:	CNNVD-200903-394	Trust: 0.6
db:	VULHUB	id:	VHN-38506	Trust: 0.1

sources: VULHUB: VHN-38506 // BID: 34179 // JVNDB: JVNDB-2009-001466 // CNNVD: CNNVD-200903-394 // NVD: CVE-2009-1060

REFERENCES

url:	http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits	Trust: 2.0
url:	http://www.securityfocus.com/bid/34179	Trust: 1.7
url:	http://cansecwest.com/index.html	Trust: 1.7
url:	http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009	Trust: 1.7
url:	http://news.cnet.com/8301-1009_3-10199652-83.html	Trust: 1.7
url:	http://osvdb.org/52888	Trust: 1.7
url:	http://www.securitytracker.com/id?1021879	Trust: 1.7
url:	http://www.computerworld.com/action/article.do?command=viewarticlebasic&articleid=9129978	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/49463	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1060	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1060	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/49463	Trust: 0.6
url:	http://www.h-online.com/security/pwn2own-2009-safari-ie-8-and-firefox-exploited--/news/112889	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3
url:	http://www.computerworld.com/action/article.do?command=viewarticlebasic&articleid=9129978	Trust: 0.1

sources: VULHUB: VHN-38506 // BID: 34179 // JVNDB: JVNDB-2009-001466 // CNNVD: CNNVD-200903-394 // NVD: CVE-2009-1060

CREDITS

Charlie Miller

Trust: 0.9

sources: BID: 34179 // CNNVD: CNNVD-200903-394

SOURCES

db:	VULHUB	id:	VHN-38506
db:	BID	id:	34179
db:	JVNDB	id:	JVNDB-2009-001466
db:	CNNVD	id:	CNNVD-200903-394
db:	NVD	id:	CVE-2009-1060

LAST UPDATE DATE

2025-04-10T20:45:39.082000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-38506	date:	2017-08-17T00:00:00
db:	BID	id:	34179	date:	2009-03-30T16:36:00
db:	JVNDB	id:	JVNDB-2009-001466	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200903-394	date:	2009-04-08T00:00:00
db:	NVD	id:	CVE-2009-1060	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-38506	date:	2009-03-24T00:00:00
db:	BID	id:	34179	date:	2009-03-19T00:00:00
db:	JVNDB	id:	JVNDB-2009-001466	date:	2009-06-30T00:00:00
db:	CNNVD	id:	CNNVD-200903-394	date:	2009-03-24T00:00:00
db:	NVD	id:	CVE-2009-1060	date:	2009-03-24T14:30:00.517