Detections
Analytics
Safari < 4.0.3 Multiple Vulnerabilities
high Nessus Plugin ID 40554
Synopsis
The remote host contains a web browser that is affected by several vulnerabilities.Description
The version of Safari installed on the remote Windows host is earlier than 4.0.3. Such versions are potentially affected by several issues :- A buffer overflow exists in the handling of EXIF metadata that ccould lead to a crash or arbitrary code execution. (CVE-2009-2188)
- A vulnerability in WebKit's parsing of floating point numbers may allow for remote code execution.
(CVE-2009-2195)
- A vulnerability in Safari may allow a malicious website to be promoted in Safari's Top Sites. (CVE-2009-2196)
- A vulnerability in how WebKit renders an URL with look- alike characters could be used to masquerade a website.
(CVE-2009-2199)
- A vulnerability in WebKit may lead to the disclosure of sensitive information. (CVE-2009-2200)
- A heap-based buffer overflow in CoreGraphics involving the drawing of long text strings could lead to a crash or arbitrary code execution. (CVE-2009-2468)
Solution
Upgrade to Safari 4.0.3 or later.See Also
http://www.securityfocus.com/advisories/17616
http://support.apple.com/kb/HT3733
http://lists.apple.com/archives/security-announce/2009/Aug/msg00002.html
Plugin Details
Severity: High
ID: 40554
File Name: safari_4_0_3.nasl
Version: 1.14
Type: local
Agent: windows
Family: Windows
Published: 8/11/2009
Updated: 7/27/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 7.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:apple:safari
Required KB Items: SMB/Safari/FileVersion
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/11/2009
Reference Information
CVE: CVE-2009-2188, CVE-2009-2195, CVE-2009-2196, CVE-2009-2199, CVE-2009-2200, CVE-2009-2468