NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2009-0960

Summary	The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 does not provide an option to disable remote image loading in HTML email, which allows remote attackers to determine the device address and when an e-mail is read via an HTML email containing an image URL.
Summary	El componente Mail en iPhone OS versiones 1.0 hasta 2.2.1 y iPhone OS para iPod touch versiones 1.1 hasta 2.2.1, de Apple, no proporciona una opción para deshabilitar la carga remota de imágenes en el correo electrónico HTML, lo que permite a los atacantes remotos determinar la dirección del dispositivo y cuando se lee un correo electrónico por medio de un correo electrónico HTML que contiene una URL de imagen.
Publication Date	June 20, 2009, 1:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
cpe:2.3:o:apple:iphone_os:2.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
cpe:2.3:o:apple:iphone_os:2.1:::::::*
cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
cpe:2.3:o:apple:iphone_os:2.2:::::::*
cpe:2.3:o:apple:iphone_os:2.2.1:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:apple:iphone_os::::::::
cpe:2.3:h:apple:ipod_touch::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	cve@mitre.org
2	http://support.apple.com/kb/HT3639	cve@mitre.org
3	http://www.securityfocus.com/bid/35414	cve@mitre.org
4	http://www.securityfocus.com/bid/35434	cve@mitre.org
5	http://www.vupen.com/english/advisories/2009/1621	cve@mitre.org
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/51209	cve@mitre.org
7	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	af854a3a-2127-422b-91ae-364da2661108
8	http://support.apple.com/kb/HT3639	af854a3a-2127-422b-91ae-364da2661108
9	http://www.securityfocus.com/bid/35414	af854a3a-2127-422b-91ae-364da2661108
10	http://www.securityfocus.com/bid/35434	af854a3a-2127-422b-91ae-364da2661108
11	http://www.vupen.com/english/advisories/2009/1621	af854a3a-2127-422b-91ae-364da2661108
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/51209	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List