ID

VAR-200907-0136


CVE

CVE-2009-2420


TITLE

Denial-of-service (DoS) vulnerability in Apple Safari

Trust: 0.8

sources: JVNDB: JVNDB-2009-003610

DESCRIPTION

Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703. Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall stability, leading to a denial of service. This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista.

Trust: 1.98

sources: NVD: CVE-2009-2420 // JVNDB: JVNDB-2009-003610 // BID: 35482 // VULHUB: VHN-39866

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 3.2.3

Trust: 2.7

vendor: apple, model: safari, scope: eq, version: 2.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.0

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 1.3.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.3

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 2.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

sources: BID: 35482 // JVNDB: JVNDB-2009-003610 // CNNVD: CNNVD-200907-154 // NVD: CVE-2009-2420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-2420
value: MEDIUM

Trust: 1.0

NVD: CVE-2009-2420
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200907-154
value: MEDIUM

Trust: 0.6

VULHUB: VHN-39866
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2009-2420
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-39866
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-39866 // JVNDB: JVNDB-2009-003610 // CNNVD: CNNVD-200907-154 // NVD: CVE-2009-2420

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-39866 // JVNDB: JVNDB-2009-003610 // NVD: CVE-2009-2420

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200907-154

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200907-154

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003610

PATCH

title: Top Page, url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003610

EXTERNAL IDS

db: NVD, id: CVE-2009-2420

Trust: 2.8

db: BID, id: 35482

Trust: 2.0

db: JVNDB, id: JVNDB-2009-003610

Trust: 0.8

db: BUGTRAQ, id: 20090623 N.RUNS-SA-2009.005 - APPLE SAFARI - INFORMATION DISCLOSURE

Trust: 0.6

db: CNNVD, id: CNNVD-200907-154

Trust: 0.6

db: VULHUB, id: VHN-39866

Trust: 0.1

sources: VULHUB: VHN-39866 // BID: 35482 // JVNDB: JVNDB-2009-003610 // CNNVD: CNNVD-200907-154 // NVD: CVE-2009-2420

REFERENCES

url:http://www.securityfocus.com/bid/35482

Trust: 1.7

url:http://www.securityfocus.com/archive/1/504480/100/0/threaded

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2420

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2420

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/504480/100/0/threaded

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/504480

Trust: 0.3

sources: VULHUB: VHN-39866 // BID: 35482 // JVNDB: JVNDB-2009-003610 // CNNVD: CNNVD-200907-154 // NVD: CVE-2009-2420

CREDITS

Alexios Fakos of n.runs AG

Trust: 0.3

sources: BID: 35482

SOURCES

db: VULHUB, id: VHN-39866
db: BID, id: 35482
db: JVNDB, id: JVNDB-2009-003610
db: CNNVD, id: CNNVD-200907-154
db: NVD, id: CVE-2009-2420

LAST UPDATE DATE

2025-04-10T23:25:33.370000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-39866, date: 2018-10-10T00:00:00
db: BID, id: 35482, date: 2009-07-20T22:16:00
db: JVNDB, id: JVNDB-2009-003610, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200907-154, date: 2009-07-09T00:00:00
db: NVD, id: CVE-2009-2420, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB, id: VHN-39866, date: 2009-07-09T00:00:00
db: BID, id: 35482, date: 2009-06-23T00:00:00
db: JVNDB, id: JVNDB-2009-003610, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200907-154, date: 2009-07-09T00:00:00
db: NVD, id: CVE-2009-2420, date: 2009-07-09T16:30:00.907