CVE-2009-1703

描述

WebKit in Apple Safari before 4.0 does not prevent references to file: URLs within (1) audio and (2) video elements, which allows remote attackers to determine the existence of arbitrary files via a crafted HTML document.

受影響套件(1)

• Debian/qt4-x11from 0, < 4:4.6.2-4

參考連結(10)

• ADVISORYhttp://secunia.com/advisories/43068
• ADVISORYhttp://www.vupen.com/english/advisories/2011/0212
• EXPLOIThttp://secunia.com/advisories/35379
• EXPLOIThttp://www.securityfocus.com/bid/35260
• PATCHhttp://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
• PATCHhttp://support.apple.com/kb/HT3613
• PATCHhttp://www.vupen.com/english/advisories/2009/1522
• WEBhttp://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
• WEBhttp://osvdb.org/55009
• WEBhttp://www.securityfocus.com/bid/35333