CVE-2009-1725

CVE-2009-1725 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Learn more about our Cis Benchmark Audit For Safari Browser.