Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в WebKit / Apple Safari
дополнено с 9 июня 2009 г.
Опубликовано:23 июня 2009 г.
Источник:
SecurityVulns ID:9972
Тип:клиент
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти, доступ к локальным файлам.
CVE:CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches.")
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by destroying a document.body element that has an unspecified XML container with elements that support the dir attribute.)
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.)
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers.")
 CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.)
Оригинальный текстdocumentsecurity_(at)_nruns.com, n.runs-SA-2009.006 - Apple Safari - Null pointer dereference (23.06.2009)
 documentsecurity_(at)_nruns.com, n.runs-SA-2009.005 - Apple Safari - Information disclosure (23.06.2009)
 documentNetragard Security Advisories, [Full-disclosure] [NETRAGARD SECURITY ADVISORY] [< Safari 3.2.3 Arbitrary Code Execution + PoC ][NETRAGARD-20090622] (22.06.2009)
 documentThierry Zoller, [TZO-37-2009] Apple Safari <v4 Remote code execution (16.06.2009)
 documentThierry Zoller, [TZO-36-2009] Apple Safari & Quicktime Denial of Service (16.06.2009)
 documentIDEFENSE, iDefense Security Advisory 06.11.09: Multiple Vendor WebKit Error Handling Use After Free Vulnerability (14.06.2009)
 documentnoreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Apple Safari Remote Memory Corruption Vulnerability (11.06.2009)
 documentChris Evans, Apple Safari cross-domain XML theft vulnerability (10.06.2009)
 documentChris Evans, Apple Safari local file theft vulnerability (09.06.2009)
 documentZDI, ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability (09.06.2009)
 documentZDI, ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (09.06.2009)
 documentZDI, ZDI-09-033: Apple WebKit dir Attribute Freeing Dangling Object Pointer Vulnerability (09.06.2009)
Файлы: Safari 3.2.3 Arbitrary Code Execution PoC

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород