ID

VAR-200912-0126


CVE

CVE-2009-4186


TITLE

Denial-of-Service (DoS) Vulnerability in Apple Safari

Trust: 0.8

sources: JVNDB: JVNDB-2009-003951

DESCRIPTION

Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. When Apple Safari runs on Windows, a stack consumption condition occurs that disrupts service operation. Apple Safari is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Safari 4.0.3 for Windows is vulnerable; other versions may also be affected. Safari is a web browser developed by Apple Inc.

Trust: 2.07

sources: NVD: CVE-2009-4186 // JVNDB: JVNDB-2009-003951 // BID: 37039 // VULHUB: VHN-41632 // VULMON: CVE-2009-4186

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 4.0.3

Trust: 2.4

vendor: microsoft // model: windows // scope: - // version: -

Trust: 0.8

vendor: apple // model: safari for windows // scope: eq // version: 4.0.3

Trust: 0.3

sources: BID: 37039 // JVNDB: JVNDB-2009-003951 // CNNVD: CNNVD-200912-046 // NVD: CVE-2009-4186

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4186
value: HIGH

Trust: 1.0

NVD: CVE-2009-4186
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200912-046
value: CRITICAL

Trust: 0.6

VULHUB: VHN-41632
value: HIGH

Trust: 0.1

VULMON: CVE-2009-4186
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-4186
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-41632
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-41632 // VULMON: CVE-2009-4186 // JVNDB: JVNDB-2009-003951 // CNNVD: CNNVD-200912-046 // NVD: CVE-2009-4186

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-41632 // JVNDB: JVNDB-2009-003951 // NVD: CVE-2009-4186

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200912-046

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200912-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003951

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-41632 // VULMON: CVE-2009-4186

PATCH

title: Safarie // url: http://www.apple.com/safari/

Trust: 0.8

title: Top Page // url: http://windows.microsoft.com/

Trust: 0.8

title: scraping-demo // url: https://github.com/alfredodeza/scraping-demo

Trust: 0.1

sources: VULMON: CVE-2009-4186 // JVNDB: JVNDB-2009-003951

EXTERNAL IDS

db: NVD // id: CVE-2009-4186

Trust: 2.9

db: BID // id: 37039

Trust: 2.1

db: EXPLOIT-DB // id: 10102

Trust: 1.8

db: JVNDB // id: JVNDB-2009-003951

Trust: 0.8

db: CNNVD // id: CNNVD-200912-046

Trust: 0.7

db: XF // id: 54487

Trust: 0.6

db: VULHUB // id: VHN-41632

Trust: 0.1

db: VULMON // id: CVE-2009-4186

Trust: 0.1

sources: VULHUB: VHN-41632 // VULMON: CVE-2009-4186 // BID: 37039 // JVNDB: JVNDB-2009-003951 // CNNVD: CNNVD-200912-046 // NVD: CVE-2009-4186

REFERENCES

url:http://www.securityfocus.com/bid/37039

Trust: 1.8

url:http://www.exploit-db.com/exploits/10102

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/54487

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4186

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4186

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/54487

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://github.com/alfredodeza/scraping-demo

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/10102/

Trust: 0.1

sources: VULHUB: VHN-41632 // VULMON: CVE-2009-4186 // BID: 37039 // JVNDB: JVNDB-2009-003951 // CNNVD: CNNVD-200912-046 // NVD: CVE-2009-4186

CREDITS

Jeremy Brown

Trust: 0.3

sources: BID: 37039

SOURCES

db: VULHUB // id: VHN-41632
db: VULMON // id: CVE-2009-4186
db: BID // id: 37039
db: JVNDB // id: JVNDB-2009-003951
db: CNNVD // id: CNNVD-200912-046
db: NVD // id: CVE-2009-4186

LAST UPDATE DATE

2025-04-10T23:25:27.984000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-41632 // date: 2017-08-17T00:00:00
db: VULMON // id: CVE-2009-4186 // date: 2017-08-17T00:00:00
db: BID // id: 37039 // date: 2015-04-13T21:06:00
db: JVNDB // id: JVNDB-2009-003951 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200912-046 // date: 2009-12-04T00:00:00
db: NVD // id: CVE-2009-4186 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-41632 // date: 2009-12-03T00:00:00
db: VULMON // id: CVE-2009-4186 // date: 2009-12-03T00:00:00
db: BID // id: 37039 // date: 2009-11-16T00:00:00
db: JVNDB // id: JVNDB-2009-003951 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200912-046 // date: 2009-12-03T00:00:00
db: NVD // id: CVE-2009-4186 // date: 2009-12-03T17:30:01.640