CVE Reference: CVE-2009-1708

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2009-1708

Description:
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

CVE Status:
Candidate

References:

ST
  1022345

SAID
  Secunia Advisory: SA35379

OSVDB
  55011

CONFIRM
  http://support.apple.com/kb/HT3613

BID
  35260
  35351

APPLE
  http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html


Return to the previous page.