CVE-2009-2200 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2009-2200?

CVE-2009-2200 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2200?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.

Vulnerability Description

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

CVSS Score

7.1

HIGH

AV:N/AC:M/Au:N/C:C/I:N/A:N

Confidentiality

COMPLETE

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Mac Os X	10.4.
Apple	Mac Os X Server	10.4.11
Microsoft	Windows Vista	All versions
Microsoft	Windows Xp	All versions
Apple	Safari	<= 4.0.2

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2009-2200?

CVE-2009-2200 is a vulnerability with a CVSS score of 7.1 (HIGH). WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: UR...

How severe is CVE-2009-2200?

CVE-2009-2200 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2200?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac Os X, Apple Mac Os X Server, Microsoft Windows Vista, Microsoft Windows Xp, Apple Safari.