PT-2009-2817 · Apple+1 · Safari+2

Published

2009-01-15

Updated

2017-08-08

CVE-2009-0123

CVSS v2.0

7.1

High

Vector

AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apple Safari on Mac OS X 10.5 and Windows

Description The issue is related to the handling of RSS feed URLs in Apple Safari, allowing remote attackers to read arbitrary files on a client machine. This can be exploited to gain access to sensitive information or execute arbitrary script code in the local security zone. The vulnerability is associated with the feed, feeds, and feedsearch URL types for RSS feeds.

Recommendations For Apple Safari on Mac OS X 10.5 and Windows, consider disabling the handling of RSS feed URLs as a temporary workaround until a patch is available. Restrict access to sensitive information and avoid using Safari for handling RSS feeds until the issue is resolved.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-0123

Affected Products

Safari

Macos X

Windows

PT-2009-2817 · Apple+1 · Safari+2

CVE-2009-0123

Weakness Enumeration

Related Identifiers

Affected Products

References · 8