Safari < 4.0.3 Multiple Vulnerabilities
High Nessus Plugin ID 40554
SynopsisThe remote host contains a web browser that is affected by several vulnerabilities.
DescriptionThe version of Safari installed on the remote Windows host is earlier than 4.0.3. Such versions are potentially affected by several issues :
- A buffer overflow exists in the handling of EXIF metadata that ccould lead to a crash or arbitrary code execution. (CVE-2009-2188)
- A vulnerability in WebKit's parsing of floating point numbers may allow for remote code execution.
- A vulnerability in Safari may allow a malicious website to be promoted in Safari's Top Sites. (CVE-2009-2196)
- A vulnerability in how WebKit renders an URL with look- alike characters could be used to masquerade a website.
- A vulnerability in WebKit may lead to the disclosure of sensitive information. (CVE-2009-2200)
- A heap-based buffer overflow in CoreGraphics involving the drawing of long text strings could lead to a crash or arbitrary code execution. (CVE-2009-2468)
SolutionUpgrade to Safari 4.0.3 or later.