WebKit Numeric Character References Remote Memory Corruption Vulnerability

Bugtraq ID:	35607
Class:	Unknown
CVE:	CVE-2009-1725
Remote:	Yes
Local:	No
Published:	Jul 08 2009 12:00AM
Updated:	Nov 16 2009 06:46PM
Credit:	Chris Evans
Vulnerable:	WebKit Open Source Project WebKit 0 Ubuntu Ubuntu Linux 9.04 sparc Ubuntu Ubuntu Linux 9.04 powerpc Ubuntu Ubuntu Linux 9.04 lpia Ubuntu Ubuntu Linux 9.04 i386 Ubuntu Ubuntu Linux 9.04 amd64 Ubuntu Ubuntu Linux 8.10 sparc Ubuntu Ubuntu Linux 8.10 powerpc Ubuntu Ubuntu Linux 8.10 lpia Ubuntu Ubuntu Linux 8.10 i386 Ubuntu Ubuntu Linux 8.10 amd64 Trolltech Qt 4.4.3 Trolltech Qt 4.5 RedHat Fedora 11 RedHat Fedora 10 Pardus Linux 2009 0 Pardus Linux 2008 0 KDE KDE 4.2.4 KDE KDE 4.0.3 KDE KDE 4.0.2 KDE KDE 4.0.1 KDE KDE 4.0 KDE KDE 3.5.9 KDE KDE 3.5.8 KDE KDE 3.5.7 KDE KDE 3.5.6 KDE KDE 3.5.5 KDE KDE 3.5.4 KDE KDE 3.5.3 KDE KDE 3.5.2 KDE KDE 3.5.1 KDE KDE 3.5 KDE KDE 3.4.3 KDE KDE 3.4.2 KDE KDE 3.4.1 KDE KDE 3.4 KDE KDE 3.4 KDE KDE 3.3.2 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 arm + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 amd64 + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 alpha + Debian Linux 3.1 + Debian Linux 3.1 + Debian Linux 3.1 KDE KDE 3.3.2 KDE KDE 3.3.1 + RedHat Fedora Core3 KDE KDE 3.3 KDE KDE 3.2.3 KDE KDE 3.2.2 KDE KDE 3.2.1 KDE KDE 3.2 KDE KDE 3.1.5 KDE KDE 3.1.4 KDE KDE 3.1.3 KDE KDE 3.1.2 KDE KDE 3.1.1 a KDE KDE 3.1.1 + Conectiva Linux 9.0 + S.u.S.E. Linux Personal 8.2 + S.u.S.E. Linux Personal 8.2 KDE KDE 3.1 + RedHat Linux 9.0 i386 + S.u.S.E. Linux 8.1 + S.u.S.E. Linux 8.1 KDE KDE 3.0.5 b KDE KDE 3.0.5 a KDE KDE 3.0.5 + Conectiva Linux 8.0 KDE KDE 3.0.4 + Conectiva Linux 8.0 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + Gentoo Linux 1.2 KDE KDE 3.0.3 a KDE KDE 3.0.3 + Conectiva Linux 8.0 + Conectiva Linux 8.0 + Conectiva Linux Enterprise Edition 1.0 + FreeBSD FreeBSD 4.7 -STABLE + FreeBSD FreeBSD 4.7 -STABLE + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 9.0 KDE KDE 3.0.2 + MandrakeSoft Linux Mandrake 8.2 KDE KDE 3.0.1 KDE KDE 3.0 + Conectiva Linux 8.0 Apple Safari 4.0.1 Apple Safari 3.2.3 for Windows Apple Safari 3.2.3 Apple Safari 3.2.2 for Windows Apple Safari 3.1.2 for Windows Apple Safari 3.1.2 Apple Safari 3.1.1 for Windows Apple Safari 3.1.1 Apple Safari 3.0.4 Beta for Windows Apple Safari 3.0.3 Apple Safari 3.0.3 Apple Safari 3.0.2 Beta for Windows Apple Safari 3.0.2 Beta Apple Safari 3.0.1 Beta for Windows Apple Safari 3.0.1 Beta Apple Safari 4 for Windows Apple Safari 4 Beta Apple Safari 4 Beta Apple Safari 4 Apple Safari 3.2 Apple Safari 3.1 for Windows Apple Safari 3.1 Apple Safari 3 Beta for Windows Apple Safari 3 Beta Apple Safari 3 Apple iPod Touch 2.2.1 Apple iPod Touch 2.0.2 Apple iPod Touch 2.0.1 Apple iPod Touch 1.1.4 Apple iPod Touch 1.1.3 Apple iPod Touch 1.1.2 Apple iPod Touch 1.1.1 Apple iPod Touch 3.0 Apple iPod Touch 2.2 Apple iPod Touch 2.1 Apple iPod Touch 2.0 Apple iPod Touch 1.1 Apple iPod Touch 0 Apple iPhone 3.0.1 Apple iPhone 2.2.1 Apple iPhone 2.0.2 Apple iPhone 2.0.1 Apple iPhone 1.1.4 Apple iPhone 1.1.3 Apple iPhone 1.1.2 Apple iPhone 1.1.1 Apple iPhone 1.0.2 Apple iPhone 1.0.1 Apple iPhone 3.0 Apple iPhone 2.2 Apple iPhone 2.1 Apple iPhone 2.0 Apple iPhone 1.1 Apple iPhone 1 Apple iPhone 0

Not Vulnerable:	Apple Safari 4.0.2 for Windows Apple Safari 4.0.2 Apple iPod Touch 3.1.1 Apple iPhone 3.1