Summary
The host is installed with Apple Safari Web Browser, which is prone to multiple vulnerabilities.
Impact
Successful exploitation by attacker could lead to exposure of sensitive information, system access or denying the application and allow execution of arbitrary code.
Impact Level : SYSTEM
Solution
Update safary to version 3.1.2
http://www.apple.com/support/downloads/
Insight
The vulnerability exists due to,
- improper handling of BMP and GIF images that can lead to disclosure of system memory contents.
- handling of files that are downloaded from a website which is in Internet Explorer 7 Zone with the Launching applications and unsafe files set to Enable, or in the Internet Explorer 6 Local Intranet or Trusted sites zone causing safary to launch unsafe executables.
- an error in handling JavaScript arrays that can lead to memory corruption.
Affected
Apple Safari versions prior to 3.1.2 on Windows (All).
References
Severity
Classification
-
CVE CVE-2008-1573, CVE-2008-2306, CVE-2008-2307 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Sep14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)