CVE-2009-2420 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation2 documents2 sources

Severity

5.8MEDIUMNVD

EPSS

0.4%

top 36.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Safari

Timeline

PublishedJul 9

Latest updateMay 2

Description

Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer instances) via vectors involving an unspecified HTML tag, possibly a related issue to CVE-2009-1703.

CVSS vector

AV:N/AC:M/C:P/I:N/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDapple/safari3.2.3

🔴Vulnerability Details

GHSA

GHSA-vc59-w22h-6chj: Apple Safari 3↗2022-05-02

▶