CVE-2009-1718

Description

WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to obtain sensitive information via vectors involving drag events and the dragging of content over a crafted web page.

How to fix CVE-2009-1718

To remediate CVE-2009-1718, upgrade the affected package to a fixed version below.

• Debian/kde4libs—no fix listed
• Debian/qt4-x11—upgrade to 4:4.6.2-4 or later

Is CVE-2009-1718 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0
• from 0, < 4:4.6.2-4

References (8)

• ADVISORYsecunia.com/advisories/35379
• ADVISORYsecunia.com/advisories/43068
• ADVISORYwww.vupen.com/english/advisories/2011/0212
• PATCHlists.apple.com/archives/security-announce/2009/jun/msg00002.html
• PATCHsupport.apple.com