iDefense Security Advisory 07.20.11 - Remote exploitation of a memory corruption vulnerability in WebKit, as included with multiple vendors' browsers, could allow an attacker to execute arbitrary code with the privileges of the current user. Scalable Vector Graphics (SVG) is an XML based file format used to describe two dimensional vector graphics. It defines both a markup language, and a JavaScript interface. When parsing a series of SVG tags, and then manipulating them via JavaScript, Safari fails to handle exceptional conditions. It is possible to trigger a use after free vulnerability by manipulating the animVal property of various SVG tags. This leaves a C++ object pointer in an inconsistent state, which can lead to the execution of arbitrary code. Safari versions prior to 5.1 and 5.0.6 are vulnerable.
99c8cb11dcb256c511dc2217aaa40292d8c285040e8f55bc2b42756ce98c3948