CVE Reference: CVE-2009-0153

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-0153

Description:
International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/50488

SAID
  Secunia Advisory: SA35074
  Secunia Advisory: SA35379
  Secunia Advisory: SA35436
  Secunia Advisory: SA35498
  Secunia Advisory: SA35584

REDHAT
  http://www.redhat.com/support/errata/RHSA-2009-1122.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11366

FEDORA

CONFIRM
  http://bugs.icu-project.org/trac/ticket/5691
  http://support.apple.com/kb/HT3639
  http://support.apple.com/kb/HT3613
  http://support.apple.com/kb/HT3549

CERT
  http://www.us-cert.gov/cas/techalerts/TA09-133A.html

BID
  34926
  34974

APPLE
  http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
  http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
  http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

