CVE-2009-2421

MEDIUM

Description

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol.

References

http://www.securityfocus.com/archive/1/504479/100/0/threaded

http://www.securityfocus.com/bid/35481

Details

Source: MITRE

Published: 2009-07-09

Updated: 2018-10-10

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM