CVE Reference: CVE-2009-1704

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-1704

Description:
CFNetwork in Apple Safari before 4.0 misinterprets downloaded image files as local HTML documents in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript code by placing it in an image file.

CVE Status:
Candidate

References:

ST
  1022343

SAID
  Secunia Advisory: SA35379

OSVDB
  55010

CONFIRM
  http://support.apple.com/kb/HT3613

BID
  35260
  35344

APPLE
  http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html


Return to the previous page.