Safari < 4.0.5 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 5361

Synopsis

The remote host contains a web browser that is vulnerable to multiple attack vectors.

Description

The version of Safari installed on the remote host is earlier than 4.0.5. Such versions are potentially affected by several issues :

A buffer underflow in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2009-2285)

- An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2010-0040)

- An uninitialized memory access issue in ImageIO's handling of BMP images could result in sending of data from Safari's memory to a website. (CVE-2010-0041)

- An uninitialized memory access issue in ImageIO's handling of TIFF images could result in sending of data from Safari's memory to a website. (CVE-2010-0042)

- A memory corruption issue in the handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2010-0043)

- An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the 'Accept Cookies' preference. (CVE-2010-0044)

- An issue in Safari's handling of external URL schemes could cause a local file to be opened in response to a URL encountered on a web page, which could allow a malicious web server to execute arbitrary code. (CVE-2010-0045)

- A memory corruption issue in WebKit's handling of CSS format() arguments could lead to a crash or arbitrary code execution. (CVE-2010-0046)

- A use-after-free issue in the handling of HTML object element fallback content could lead to a crash or arbitrary code execution. (CVE-2010-0047)

- A use-after-free issue in WebKit's parsing of XML documents could lead to a crash or arbitrary code execution. (CVE-2010-0048)

- A use-after-free issue in the handling of HTML elements containing right-to-left displayed text could lead to a crash or arbitrary code execution. (CVE-2010-0049)

- A use-after-free issue in WebKit's handling of incorrectly nested HTML tags could lead to a crash or arbitrary code execution. (CVE-2010-0050)

- An implementation issue in WebKit''s handling of cross-origin stylesheet requests when visiting a malicious website could result in disclosure of the content of protected resources on another website. (CVE-2010-0051)

- A use-after-free issue in WebKit's handling of callbacks for HTML elements could lead to a crash or arbitrary code execution. (CVE-2010-0052)

- A use-after-free issue in the rendering of content with a CSS display property set to 'run-in' could lead to a crash or arbitrary code execution. (CVE-2010-0053)

- A use-after-free issue in WebKit's handling of HTML image elements could lead to a crash or arbitrary code execution. (CVE-2010-0054)

Solution

Upgrade to Safari 4.0.5 or later.

See Also

http://lists.apple.com/archives/security-announce/2010/mar/msg00000.html

http://support.apple.com/kb/HT4070

Plugin Details

Severity: High

ID: 5361

Family: Web Clients

Published: 3/11/2010

Updated: 3/6/2019

Nessus ID: 45044, 45045

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Patch Publication Date: 3/11/2010

Vulnerability Publication Date: 3/11/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0044, CVE-2010-0045, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054

BID: 35451, 38671, 38673, 38674, 38675, 38676, 38677, 38683, 38684, 38685, 38686, 38687, 38688, 38689, 38690, 38691, 38692