Vulnerability Details CVE-2009-3272
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.044
EPSS Ranking 88.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://www.exploit-db.com/exploits/9606
- http://www.vupen.com/english/advisories/2011/0212
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/43068
- http://www.exploit-db.com/exploits/9606
- http://www.vupen.com/english/advisories/2011/0212
Products affected by CVE-2009-3272
-
cpe:2.3:a:apple:safari:3.2.3
-
cpe:2.3:a:apple:safari:4.0
-
cpe:2.3:a:apple:safari:4.0.0b
-
cpe:2.3:a:apple:safari:4.0.2
-
cpe:2.3:a:apple:safari:4.0.3