CVE-2009-0153

Published: 13/05/2009 | Updated: 29/09/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 prior to 10.5.7, iPhone OS 1.0 up to and including 2.2.1, iPhone OS for iPod touch 1.1 up to and including 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks.

Vulnerable Product

apple mac os x 10.5.2

apple mac os x 10.5.4

apple mac os x 10.5.5

apple mac os x 10.5.6

apple mac os x server 10.5.4

apple mac os x server 10.5.0

apple mac os x server 10.5.2

apple mac os x server 10.5.6

apple mac os x 10.5.0

apple mac os x server 10.5.5

apple mac os x 10.5.1

apple mac os x 10.5.3

apple mac os x server 10.5.1

apple mac os x server 10.5.3

Vendor Advisories

Synopsis: Moderate: icu security update. Type/Severity: Security Advisory: Moderate. Topic: Updated icu packages that fix a security issue are now available for RedHat Enterprise Linux 5. This update has been rated as having moderate security impact by the RedHat Security Response Team. Description ...

Debian Bug report logs - #534590: does not properly handle invalid byte sequences during Unicode conversion. Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: Kees Cook <kees@debian.org>; Date: Thu, 25 Jun 2009 15:42:01 UTC; Severity: normal; Tags: security; Found in version 3.8.1 ...

It was discovered that ICU did not properly handle invalid byte sequences during Unicode conversion. If an application using ICU processed crafted data, content security mechanisms could be bypassed, potentially leading to cross-site scripting (XSS) attacks ...

It was discovered that the ICU unicode library performed incorrect processing of invalid multibyte sequences, resulting in potential bypass of security mechanisms. For the old stable distribution (etch), this problem has been fixed in version 3.6-2etch3. For the stable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny2. For ...