Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
TITLE: Apple Safari for Windows Unspecified Remote Code Execution and Denial of Service Vulnerabilities
CLASS: Input Validation Error
CVE: CVE-2007-3185
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 11 2007 12:00AM
UPDATE: Jun 15 2007 07:19PM
CREDIT: David Maynor is credited with discovering these vulnerabilities.
VULNERABLE:
Apple Safari 2.0.4
NOT VULNERABLE:
Apple Safari 3 Beta for Windows
Apple Safari 3.0.1 Beta for Windows
Discussion
Apple Safari for Windows is prone to multiple remote code-execution and denial-of-service vulnerabilities.
An attacker may exploit these issues by enticing victims into opening a maliciously crafted HTML document.
Successful exploits can allow attackers to execute arbitrary code in the context of the affected browser or to cause denial-of-service conditions.
Safari 3 public beta for Windows is reported vulnerable.
One of these issues may be related to BID 24431: Apple Safari for Windows Unspecified Denial of Service Vulnerability.
NOTE: Apple has released Safari 3.0.1 Beta for Windows.
UPDATE (June 14, 2007): Safari 2.0.4 is vulnerable; prior versions may also be affected.
Exploit
An attacker may exploit these issues by enticing victims into viewing a maliciously crafted webpage.
Solution
Apple has released an updated version of the software that addresses this issue. Please see the vendor advisories for more information.
Apple Safari 3 Beta for Windows
- Apple Safari for Windows Beta 3.0.1
http://www.apple.com/safari/download/
References
- Errata Security (David Maynor)
- Safari Homepage (Apple)