Safari < 3.2 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 801019

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues :


- Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)
- A heap buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767)
- A signedness issue in Safari's handling of JavaScript array indices could lead to a crash or arbitrary code execution. (CVE-2008-2303)
- A memory corruption issue in WebCore's handling of style sheet elements could lead to a crash or arbitrary code execution. (CVE-2008-2317)
- Multiple uninitialized memory access issues in libTIFF's handling of LZW-encoded TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2327)
- A memory corruption issue in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2332).
- A memory corruption issue in ImageIO's handling of embedded ICC profiles in JPEG images could lead to a crash or arbitrary code execution. (CVE-2008-3608)
- A heap buffer overflow in CoreGraphics' handling of color spaces could lead to a crash or arbitrary code execution. (CVE-2008-3623)
- A buffer overflow in the handling of images with an embedded ICC profile could lead to a crash or arbitrary code execution. (CVE-2008-3642)
- Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. (CVE-2008-3644)
- WebKit's plug-in interface does not block plug-ins from launching local URLs, which could allow a remote attacker to launch local files in Safari and lead to the disclosure of sensitive information. (CVE-2008-4216)


IAVB Reference : 2008-B-0078
STIG Finding Severity : Category I

Solution

Upgrade to version 3.2 or higher.

See Also

lists.apple.com/archives/security-announce/2008/nov/msg00001.html

http://.securityfocus.com/advisories/15730

support.apple.com/kb/HT3298

Plugin Details

Severity: High

ID: 801019

Family: Web Clients

Nessus ID: 34772

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-2096, CVE-2008-1767, CVE-2008-2303, CVE-2008-2317, CVE-2008-2327, CVE-2008-2332, CVE-2008-3608, CVE-2008-3623, CVE-2008-3642, CVE-2008-3644, CVE-2008-4216

BID: 29312, 30832, 14162, 32291