Summary
This host has the Apple Safari web browser installed and is prone to denial-of-service or cross-site scripting vulnerabilities.
Impact
Successful exploitation lets an attacker execute arbitrary code, cause memory corruption, conduct XSS attacks, or cause a denial of service on the victim's system.
Impact Level: Application
Solution
Upgrade to Safari version 4.0.2 (4.30.19.1)
http://www.apple.com/support/downloads
Insight
- An error in 'WebKit' allows a user to inject arbitrary web script or HTML via vectors related to the parent and top objects.
- An error in 'WebKit' causes it to fail to handle numeric character references, which can be triggered via a crafted HTML document.
Affected
Apple Safari versions prior to 4.0.2 on Windows.
References
Severity
Classification
- CVE: CVE-2009-1724, CVE-2009-1725
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Reader '.ETD File' Denial of Service Vulnerability (Mac OS X)
- Cogent DataHub Multiple Vulnerabilities
- CA Multiple Products 'arclib' Component DoS Vulnerability (Win)
- Google Chrome Multiple Denial of Service Vulnerabilities - March12 (Windows)
- Avast! Antivirus 'aavmker4.sys' Denial Of Service Vulnerability (Win)