Secunia Security Advisory - Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system.
f6bec4874a8f9a8cd8463c1c9a880d08958bd29665c8755e58b72514f46ea208
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Apple Safari for Windows Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA30775
VERIFY ADVISORY:
http://secunia.com/advisories/30775/
CRITICAL:
Highly critical
IMPACT:
Exposure of sensitive information, System access
WHERE:
>From remote
REVISION:
1.1 originally posted 2008-06-20
SOFTWARE:
Safari for Windows 3.x
http://secunia.com/product/17978/
DESCRIPTION:
Some vulnerabilities and a security issue have been reported in Apple
Safari, which can be exploited by malicious people to disclose
sensitive information or to compromise a user's system.
1) A boundary error within the handling of BMP and GIF images can be
exploited to trigger an out-of-bounds read and disclose content in
memory.
2) A security issue exists due to Safari automatically launching
downloaded executable files from sites in a Internet Explorer 7 zone
with the "Launching applications and unsafe files" option set to
"Enable", or sites in the Internet Explorer 6 "Local intranet" or
"Trusted sites" zone.
3) An unspecified error in the handling of Javascript arrays can be
exploited to cause a memory corruption when a user visits a specially
crafted web page.
Successful exploitation of this vulnerability may allow execution of
arbitrary code.
The vulnerabilities are reported in Safari for Windows prior to
version 3.1.2.
SOLUTION:
Update to version 3.1.2.
http://www.apple.com/support/downloads/safari312forwindows.html
PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Gynvael Coldwind, Hispasec
2) Will Dormann, CERT/CC
3) James Urquhart
CHANGELOG:
2008-06-20: Added link to US-CERT.
ORIGINAL ADVISORY:
Apple:
http://support.apple.com/kb/HT2092
US-CERT VU#127185:
http://www.kb.cert.org/vuls/id/127185
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------