CVE-2009-1686 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2009-1686

CVE-2009-1686

June 10, 2009

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Related Resources (14)

http://www.securityfocus.com/bid/35311

http://www.vupen.com/english/advisories/2009/1522

http://www.securityfocus.com/bid/35260

http://secunia.com/advisories/43068

http://securitytracker.com/id?1022345

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://osvdb.org/54984

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://secunia.com/advisories/35379

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://support.apple.com/kb/HT3639