OmniWeb Browser < 5.5.2 Javascript alert Function Format String

Medium

Synopsis

The remote host is vulnerable to a 'format string' flaw.

Description

The remote host is using OmniWeb, an alternative web browser for the Mac OS platform. This version of OmniWeb is vulnerable to a format-string flaw. Specifically, the JavaScript 'alert' function fails to correctly parse specially formatted strings. To exploit this flaw, an attacker would need the ability to pass malformed strings to the browser, which typically involves enticing a user into browsing to a malicious site. Successful exploitation would result in the attacker executing arbitrary code within the browser.

Solution

Upgrade to version 5.5.2 or higher.