Safari < 3.1.2 Multiple Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
issues.

Description :

The version of Safari installed on the remote host reportedly is
affected by several issues :

- An out-of-bounds memory read while handling BMP and GIF
images may lead to information disclosure
(CVE-2008-1573).

- Safari will automatically launch executable files
downloaded from a site if that site is in an IE7 zone
with 'Launching applications and unsafe files' set to
'Enable' or an IE6 'Local intranet ' / ' Trusted sites'
zone (CVE-2008-2306).

- There is a memory corruption issue in WebKit's
handling of JavaScript arrays that could be leveraged
to crash the application or execute arbitrary code
if visiting a malicious site (CVE-2008-2307).

- When handling an object with an unrecognized content
type, Safari does not prompt the user before
downloading the object (aka, the 'carpet-bombing'
issue). If the download location is the Windows
Desktop (the default), this could lead to arbitrary
code execution (CVE-2008-2540).

See also :

http://support.apple.com/kb/HT1222
http://lists.apple.com/archives/security-announce/2008/Jun/msg00001.html

Solution :

Upgrade to Safari 3.1.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 33226 ()

Bugtraq ID: 29445
29513
29835
29836

CVE ID: CVE-2008-1573
CVE-2008-2306
CVE-2008-2307
CVE-2008-2540

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now