ID

VAR-200906-0159


CVE

CVE-2009-2027


TITLE

Apple Safari Windows Installer Local Privilege Escalation Vulnerability

Trust: 0.9

sources: BID: 35339 // CNNVD: CNNVD-200906-202

DESCRIPTION

The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method. Apple Safari is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to gain elevated privileges, which may aid in further attacks. This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

Trust: 1.98

sources: NVD: CVE-2009-2027 // JVNDB: JVNDB-2009-003497 // BID: 35339 // VULHUB: VHN-39473

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 3.2

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.4

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.3

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.1.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.1.2

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.2.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.0.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: 3.2.2

Trust: 1.6

vendor: apple // model: safari // scope: lte // version: 3.2.3

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0

Trust: 1.0

vendor: apple // model: safari // scope: eq // version: 3.0.2

Trust: 1.0

vendor: apple // model: safari // scope: lt // version: windows edition 4.0

Trust: 0.8

vendor: apple // model: safari // scope: eq // version: 3.2.3

Trust: 0.6

vendor: apple // model: safari for windows // scope: eq // version: 3.2.1

Trust: 0.3

vendor: apple // model: safari for windows // scope: eq // version: 3.2.3

Trust: 0.3

vendor: apple // model: safari for windows // scope: eq // version: 3.2.2

Trust: 0.3

vendor: apple // model: safari for windows // scope: eq // version: 3.1.2

Trust: 0.3

vendor: apple // model: safari for windows // scope: eq // version: 3.1.1

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.4

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.3

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.2

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.1

Trust: 0.3

vendor: apple // model: safari for windows // scope: eq // version: 3.1

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: eq // version: 3

Trust: 0.3

vendor: apple // model: safari for windows // scope: ne // version: 4

Trust: 0.3

sources: BID: 35339 // JVNDB: JVNDB-2009-003497 // CNNVD: CNNVD-200906-202 // NVD: CVE-2009-2027

CVSS

SEVERITY // CVSSV2 // CVSSV3

nvd@nist.gov: CVE-2009-2027
value: HIGH

Trust: 1.0

NVD: CVE-2009-2027
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200906-202
value: HIGH

Trust: 0.6

VULHUB: VHN-39473
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-2027
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39473
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39473 // JVNDB: JVNDB-2009-003497 // CNNVD: CNNVD-200906-202 // NVD: CVE-2009-2027

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-39473 // JVNDB: JVNDB-2009-003497 // NVD: CVE-2009-2027

THREAT TYPE

local

Trust: 0.9

sources: BID: 35339 // CNNVD: CNNVD-200906-202

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200906-202

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003497

PATCH

title: HT3613 // url: http://support.apple.com/kb/HT3613

Trust: 0.8

sources: JVNDB: JVNDB-2009-003497

EXTERNAL IDS

db: NVD // id: CVE-2009-2027

Trust: 2.8

db: BID // id: 35339

Trust: 2.0

db: JVNDB // id: JVNDB-2009-003497

Trust: 0.8

db: APPLE // id: APPLE-SA-2009-06-08-1

Trust: 0.6

db: XF // id: 51290

Trust: 0.6

db: CNNVD // id: CNNVD-200906-202

Trust: 0.6

db: VULHUB // id: VHN-39473

Trust: 0.1

sources: VULHUB: VHN-39473 // BID: 35339 // JVNDB: JVNDB-2009-003497 // CNNVD: CNNVD-200906-202 // NVD: CVE-2009-2027

REFERENCES

url:http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/bid/35339

Trust: 1.7

url:http://support.apple.com/kb/ht3613

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/51290

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2027

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2027

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/51290

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-39473 // BID: 35339 // JVNDB: JVNDB-2009-003497 // CNNVD: CNNVD-200906-202 // NVD: CVE-2009-2027

CREDITS

Dave English of Lutnos

Trust: 0.9

sources: BID: 35339 // CNNVD: CNNVD-200906-202

SOURCES

db: VULHUB // id: VHN-39473
db: BID // id: 35339
db: JVNDB // id: JVNDB-2009-003497
db: CNNVD // id: CNNVD-200906-202
db: NVD // id: CVE-2009-2027

LAST UPDATE DATE

2025-04-10T20:25:32.836000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-39473 // date: 2017-08-17T00:00:00
db: BID // id: 35339 // date: 2009-06-18T19:00:00
db: JVNDB // id: JVNDB-2009-003497 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200906-202 // date: 2009-06-23T00:00:00
db: NVD // id: CVE-2009-2027 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-39473 // date: 2009-06-10T00:00:00
db: BID // id: 35339 // date: 2009-06-08T00:00:00
db: JVNDB // id: JVNDB-2009-003497 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200906-202 // date: 2009-06-10T00:00:00
db: NVD // id: CVE-2009-2027 // date: 2009-06-10T19:30:00.187