Summary
The host is installed with Apple Safari web browser and is prone to multiple vulnerabilities.
Impact
Successful exploitation allow attackers to execute arbitrary code or can even crash the browser.
Impact Level: Application
Solution
Upgrade Apple Safari 5.0.2 or later,
For updates refer to http://www.apple.com/support/downloads/
Insight
The flaws are due to
- An use-after-free vulnerability in the application, which allows remote attackers to execute arbitrary code via 'run-in' styling in an element, related to object pointers.
- An untrusted search path vulnerability on Windows allows local users to gain privileges via a Trojan horse 'explorer.exe'.
- An error exists in the handling of 'WebKit', which does not properly validate floating-point data, which allows remote attackers to execute arbitrary cod via a crafted HTML document.
Affected
Apple Safari 5.x before 5.0.2 on Windows
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2010-1805, CVE-2010-1806, CVE-2010-1807 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)
- Adobe Air Multiple Vulnerabilities - December12 (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Windows)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)