CVE-2009-2421

Name of the Vulnerable Software and Affected Versions Apple Safari version 3.2.3

Description The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a high-bit character in a URL fragment for an unspecified protocol. This is due to a problem in the CFCharacterSetInitInlineBuffer method in CoreFoundation.dll.

Recommendations For Apple Safari version 3.2.3, consider avoiding the use of high-bit characters in URL fragments until a patch is available. As a temporary workaround, restrict access to potentially vulnerable URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.