CVE-2009-1725

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

🔗 References (66)

• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
• cve@mitrehttp://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
• cve@mitrehttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• cve@mitrehttp://osvdb.org/55739
• cve@mitrehttp://secunia.com/advisories/35758
• cve@mitrehttp://secunia.com/advisories/36057
• cve@mitrehttp://secunia.com/advisories/36062
• cve@mitrehttp://secunia.com/advisories/36347
• cve@mitrehttp://secunia.com/advisories/36677
• cve@mitrehttp://secunia.com/advisories/36790
• cve@mitrehttp://secunia.com/advisories/37746
• cve@mitrehttp://secunia.com/advisories/43068
• cve@mitrehttp://support.apple.com/kb/HT3666
• cve@mitrehttp://support.apple.com/kb/HT3860
• cve@mitrehttp://websvn.kde.org/?view=rev&revision=1002162