CVE-2009-1708

Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	4.0_beta (including)
Safari	Apple	0.8 (including)	0.8 (including)
Safari	Apple	0.9 (including)	0.9 (including)
Safari	Apple	1.0 (including)	1.0 (including)
Safari	Apple	1.0.3 (including)	1.0.3 (including)
Safari	Apple	1.1 (including)	1.1 (including)
Safari	Apple	1.2 (including)	1.2 (including)
Safari	Apple	1.3 (including)	1.3 (including)
Safari	Apple	1.3.1 (including)	1.3.1 (including)
Safari	Apple	1.3.2 (including)	1.3.2 (including)
Safari	Apple	2.0 (including)	2.0 (including)
Safari	Apple	2.0.2 (including)	2.0.2 (including)
Safari	Apple	2.0.4 (including)	2.0.4 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.1 (including)	3.1 (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.3 (including)	3.2.3 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-1708
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References