Safari < 4.0.5 Multiple Vulnerabilities

high Nessus Plugin ID 45045

Language:

Synopsis

The remote host contains a web browser that is affected by several vulnerabilities.

Description

The version of Safari installed on the remote Windows host is earlier than 4.0.5. It thus is potentially affected by several issues :

- A buffer underflow in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution.
(CVE-2009-2285)

- An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2010-0040)

- An uninitialized memory access issue in ImageIO's handling of BMP images could result in sending of data from Safari's memory to a website. (CVE-2010-0041)

- An uninitialized memory access issue in ImageIO's handling of TIFF images could result in the sending of data from Safari's memory to a website. (CVE-2010-0042)

- A memory corruption issue in the handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2010-0043)

- An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the 'Accept Cookies' preference. (CVE-2010-0044)

- An issue in Safari's handling of external URL schemes could cause a local file to be opened in response to a URL encountered on a web page, which could allow a malicious web server to execute arbitrary code.
(CVE-2010-0045)

- A memory corruption issue in WebKit's handling of CSS format() arguments could lead to a crash or arbitrary code execution. (CVE-2010-0046)

- A use-after-free issue in the handling of HTML object element fallback content could lead to a crash or arbitrary code execution. (CVE-2010-0047)

- A use-after-free issue in WebKit's parsing of XML documents could lead to a crash or arbitrary code execution. (CVE-2010-0048)

- A use-after-free issue in the handling of HTML elements containing right-to-left displayed text could lead to a crash or arbitrary code execution. (CVE-2010-0049)

- A use-after-free issue in WebKit's handling of incorrectly nested HTML tags could lead to a crash or arbitrary code execution. (CVE-2010-0050)

- An implementation issue in WebKit's handling of cross- origin stylesheet requests when visiting a malicious website could result in disclosure of the content of protected resources on another website. (CVE-2010-0051)

- A use-after-free issue in WebKit's handling of callbacks for HTML elements could lead to a crash or arbitrary code execution. (CVE-2010-0052)

- A use-after-free issue in the rendering of content with a CSS display property set to 'run-in' could lead to a crash or arbitrary code execution. (CVE-2010-0053)

- A use-after-free issue in WebKit's handling of HTML image elements could lead to a crash or arbitrary code execution. (CVE-2010-0054)

Solution

Upgrade to Safari 4.0.5 or later.

See Also

http://support.apple.com/kb/HT4070

http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html

http://www.securityfocus.com/advisories/19255

Plugin Details

Severity: High

ID: 45045

File Name: safari_4_0_5.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 3/11/2010

Updated: 7/27/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: SMB/Safari/FileVersion

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/11/2010

Vulnerability Publication Date: 3/11/2010

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-2285, CVE-2010-0040, CVE-2010-0041, CVE-2010-0042, CVE-2010-0043, CVE-2010-0044, CVE-2010-0045, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054

BID: 35451, 38673, 38674, 38675, 38676, 38677, 38683, 38684, 38685, 38686, 38687, 38688, 38689, 38690, 38691, 38692

CWE: 119