Summary
The host has the Apple Safari web browser installed and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to cause an unexpected application termination or arbitrary code execution when a maliciously crafted file is opened.
Impact Level: System/Application
Solution
Upgrade to Apple Safari version 5.1.1 or later.
For updates refer to http://www.apple.com/safari/download/
Insight
The flaws are due to:
- A directory traversal issue existed in the handling of 'safari-extension://' URLs.
- A policy issue existed in the handling of 'file://' URLs.
- An uninitialized memory access issue existed in the handling of SSL certificates.
- Multiple memory corruption issues existed in WebKit.
- A cross-origin issue existed in the handling of the beforeload event, 'window.open' method, 'document.documentURI' property and inactive DOM windows in WebKit.
- A logic issue existed in the handling of cookies in Private Browsing mode.
Affected
Apple Safari versions prior to 5.1.1 on Windows
References
Updated on 2017-03-28
Severity
Classification
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)