Safari < 3.2 Multiple Vulnerabilities

High Nessus Plugin ID 34772

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues :

- Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)

- A heap-based buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution.
(CVE-2008-1767)

- A signedness issue in Safari's handling of JavaScript array indices could lead to a crash or arbitrary code execution. (CVE-2008-2303)

- A memory corruption issue in WebCore's handling of style sheet elements could lead to a crash or arbitrary code execution. (CVE-2008-2317)

- Multiple uninitialized memory access issues in libTIFF's handling of LZW-encoded TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2327)

- A memory corruption issue in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2332).

- A memory corruption issue in ImageIO's handling of embedded ICC profiles in JPEG images could lead to a crash or arbitrary code execution. (CVE-2008-3608)

- A heap-based buffer overflow in CoreGraphics' handling of color spaces could lead to a crash or arbitrary code execution. (CVE-2008-3623)

- A buffer overflow in the handling of images with an embedded ICC profile could lead to a crash or arbitrary code execution. (CVE-2008-3642)

- Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. (CVE-2008-3644)

- WebKit's plug-in interface does not block plug-ins from launching local URLs, which could allow a remote attacker to launch local files in Safari and lead to the disclosure of sensitive information. (CVE-2008-4216)

Solution

Upgrade to Safari 3.2 or later.

See Also

http://support.apple.com/kb/HT3298

http://lists.apple.com/archives/security-announce/2008/Nov/msg00001.html

http://www.securityfocus.com/advisories/15730

Plugin Details

Severity: High

ID: 34772

File Name: safari_3_2.nasl

Version: 1.14

Type: local

Agent: windows

Family: Windows

Published: 2008/11/14

Updated: 2018/07/27

Dependencies: 31788

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Required KB Items: SMB/Safari/FileVersion

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2005/07/07

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-2096, CVE-2008-1767, CVE-2008-2303, CVE-2008-2317, CVE-2008-2327, CVE-2008-2332, CVE-2008-3608, CVE-2008-3623, CVE-2008-3642, CVE-2008-3644, CVE-2008-4216

BID: 14162, 29312, 30832, 32291

CWE: 119, 189, 200, 399