Back to search
CVE-2009-2200
Published: Aug 12, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
43068
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2009-08-11-1
vendor-advisory
x_refsource_APPLE
ADV-2011-0212
vdb-entry
x_refsource_VUPEN
1022720
vdb-entry
x_refsource_SECTRACK
SUSE-SR:2011:002
vendor-advisory
x_refsource_SUSE
36024
vdb-entry
x_refsource_BID
http://support.apple.com/kb/HT3733
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now