Vulnerability Details : CVE-2009-1681

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
Publish Date : 2009-06-10 Last Update Date : 2011-02-17

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Related Tweets Even more tweets Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

Cvss Score	4.3
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Medium (The access conditions are somewhat specialized. Some preconditions must be satistified to exploit)
Authentication	Not required (Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Bypass a restriction or similar
CWE ID	CWE id is not defined for this vulnerability

- Related OVAL Definitions

Title	Definition Id	Class	Family
CVE-2009-1681	oval:org.opensuse.security:def:20091681		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2009-1681

#	Product Type	Vendor	Product	Version	Update	Edition
1	Application	Apple	Safari	0.8		MAC	Details Vulnerabilities
2	Application	Apple	Safari	0.9		MAC	Details Vulnerabilities
3	Application	Apple	Safari	1.0		MAC	Details Vulnerabilities
4	Application	Apple	Safari	1.0.3		MAC	Details Vulnerabilities
5	Application	Apple	Safari	1.1		MAC	Details Vulnerabilities
6	Application	Apple	Safari	1.2		MAC	Details Vulnerabilities
7	Application	Apple	Safari	1.3		MAC	Details Vulnerabilities
8	Application	Apple	Safari	1.3.1		MAC	Details Vulnerabilities
9	Application	Apple	Safari	1.3.2		MAC	Details Vulnerabilities
10	Application	Apple	Safari	2.0		MAC	Details Vulnerabilities
11	Application	Apple	Safari	2.0.2		MAC	Details Vulnerabilities
12	Application	Apple	Safari	2.0.4		MAC	Details Vulnerabilities
13	Application	Apple	Safari	3.0		Windows	Details Vulnerabilities
14	Application	Apple	Safari	3.0		MAC	Details Vulnerabilities
15	Application	Apple	Safari	3.0.1		Windows	Details Vulnerabilities
16	Application	Apple	Safari	3.0.2	-	MAC	Details Vulnerabilities
17	Application	Apple	Safari	3.0.2		Windows	Details Vulnerabilities
18	Application	Apple	Safari	3.0.3		Windows	Details Vulnerabilities
19	Application	Apple	Safari	3.0.3		MAC	Details Vulnerabilities
20	Application	Apple	Safari	3.0.4		MAC	Details Vulnerabilities
21	Application	Apple	Safari	3.0.4		Windows	Details Vulnerabilities
22	Application	Apple	Safari	3.1		Windows	Details Vulnerabilities
23	Application	Apple	Safari	3.1		MAC	Details Vulnerabilities
24	Application	Apple	Safari	3.1.1		MAC	Details Vulnerabilities
25	Application	Apple	Safari	3.1.1		Windows	Details Vulnerabilities
26	Application	Apple	Safari	3.1.2		MAC	Details Vulnerabilities
27	Application	Apple	Safari	3.1.2		Windows	Details Vulnerabilities
28	Application	Apple	Safari	3.2	-	Windows	Details Vulnerabilities
29	Application	Apple	Safari	3.2.1		Windows	Details Vulnerabilities
30	Application	Apple	Safari	3.2.1		MAC	Details Vulnerabilities
31	Application	Apple	Safari	3.2.2		Windows	Details Vulnerabilities
32	Application	Apple	Safari	3.2.3		MAC	Details Vulnerabilities
33	Application	Apple	Safari	3.2.3		Windows	Details Vulnerabilities
34	Application	Apple	Safari	4.0 Beta		MAC	Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Apple	Safari	34

- References For CVE-2009-1681

http://www.vupen.com/english/advisories/2009/1621
VUPEN ADV-2009-1621

http://www.securityfocus.com/bid/35317
BID 35317 WebKit Subframe Click Jacking Vulnerability Release Date:2009-12-14

http://www.securityfocus.com/bid/35260
BID 35260 RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities Release Date:2009-06-12

http://www.debian.org/security/2009/dsa-1950
DEBIAN DSA-1950

http://support.apple.com/kb/HT3639 CONFIRM

http://secunia.com/advisories/43068
SECUNIA 43068

http://secunia.com/advisories/37746
SECUNIA 37746

http://secunia.com/advisories/35379
SECUNIA 35379

http://osvdb.org/54981
OSVDB 54981

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
SUSE SUSE-SR:2011:002

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
APPLE APPLE-SA-2009-06-17-1

http://support.apple.com/kb/HT3613 CONFIRM

http://www.vupen.com/english/advisories/2011/0212
VUPEN ADV-2011-0212

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
APPLE APPLE-SA-2009-06-08-1

http://www.vupen.com/english/advisories/2009/1522
VUPEN ADV-2009-1522

- Metasploit Modules Related To CVE-2009-1681

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)