CVE-2009-2200

CVE-2009-2200 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:N/A:N

WebKit in Apple Safari before 4.0.3 does not properly restrict the URL scheme of the pluginspage attribute of an EMBED element, which allows user-assisted remote attackers to launch arbitrary file: URLs and obtain sensitive information via a crafted HTML document.

Learn more about our Cis Benchmark Audit For Safari Browser.