Apple Safari for Windows Multiple Vulnerabilities
Written by Staff   
Friday, 20 June 2008

Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system.

1) A boundary error within the handling of BMP and GIF images can be exploited to trigger an out-of-bounds read and disclose content in memory.

2) A security issue exists due to Safari automatically launching downloaded executable files from sites in an Internet Explorer 7 zone with the "Launching applications and unsafe files" option set to "Enable", or sites in the Internet Explorer 6 "Local intranet" or "Trusted sites" zone...

3) An unspecified error in the handling of JavaScript arrays can be exploited to cause memory corruption when a user visits a specially crafted web page.
Successful exploitation of this vulnerability may allow execution of arbitrary code.

The vulnerabilities are reported in Safari for Windows prior to version 3.1.2.

Solution:
Update to version 3.1.2.
http://www.apple.com/support/downloads/safari312forwindows.html

Provided and/or discovered by:
The vendor credits:
1) Gynvael Coldwind, Hispasec
2) Will Dormann, CERT/CC
3) James Urquhart

Changelog:
2008-06-20: Added link to US-CERT.

Original Advisory:
Apple:
http://support.apple.com/kb/HT2092

US-CERT VU#127185:
http://www.kb.cert.org/vuls/id/127185

Original Article:
http://secunia.com/advisories/30775/

