Safari < 3.1.2 Multiple Vulnerabilities

high Nessus Plugin ID 33226

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Safari installed on the remote host reportedly is affected by several issues :

- An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573).

- Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone (CVE-2008-2306).

- There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307).

- When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540).

Solution

Upgrade to Safari 3.1.2 or later.

See Also

https://support.apple.com/en-us/HT201222

https://lists.apple.com/archives/security-announce/2008/Jun/msg00001.html

Plugin Details

Severity: High

ID: 33226

File Name: safari_3_1_2.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 6/20/2008

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: SMB/Safari/FileVersion

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-1573, CVE-2008-2306, CVE-2008-2307, CVE-2008-2540

BID: 29445, 29513, 29835, 29836

CWE: 119, 264, 399

Secunia: 30775