Safari < 3.2 Multiple Vulnerabilities

High Nessus Network Monitor Plugin ID 4754

Synopsis

The remote host contains a web browser that is affected by several issues.

Description

The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues :


- Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)
- A heap buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767)
- A signedness issue in Safari's handling of JavaScript array indices could lead to a crash or arbitrary code execution. (CVE-2008-2303)
- A memory corruption issue in WebCore's handling of style sheet elements could lead to a crash or arbitrary code execution. (CVE-2008-2317)
- Multiple uninitialized memory access issues in libTIFF's handling of LZW-encoded TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2327)
- A memory corruption issue in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2332).
- A memory corruption issue in ImageIO's handling of embedded ICC profiles in JPEG images could lead to a crash or arbitrary code execution. (CVE-2008-3608)
- A heap buffer overflow in CoreGraphics' handling of color spaces could lead to a crash or arbitrary code execution. (CVE-2008-3623)
- A buffer overflow in the handling of images with an embedded ICC profile could lead to a crash or arbitrary code execution. (CVE-2008-3642)
- Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. (CVE-2008-3644)
- WebKit's plug-in interface does not block plug-ins from launching local URLs, which could allow a remote attacker to launch local files in Safari and lead to the disclosure of sensitive information. (CVE-2008-4216)

Solution

Upgrade to version 3.2 or higher.

See Also

http://lists.apple.com/archives/security-announce/2008/nov/msg00001.html

http://www.securityfocus.com/advisories/15730

http://support.apple.com/kb/HT3298

Plugin Details

Severity: High

ID: 4754

File Name: 4754.prm

Family: Web Clients

Published: 2008/11/14

Modified: 2016/02/05

Dependencies: 3705

Nessus ID: 34772

Risk Information

Risk Factor: High

CVSSv2

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 8.7

Temporal Score: 7.5

Vector: CVSS3#AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2005-2096, CVE-2008-1767, CVE-2008-2303, CVE-2008-2317, CVE-2008-2327, CVE-2008-2332, CVE-2008-3608, CVE-2008-3623, CVE-2008-3642, CVE-2008-3644, CVE-2008-4216

BID: 14162, 29312, 30832, 32291

OSVDB: 17827, 45419, 47795, 49939, 49940, 49941