Summary
The host is running the Apple Safari web browser, which is prone to a remote file access vulnerability.
Impact
Successful remote exploitation can potentially be used to gain access to sensitive information and launch other attacks.
Impact Level: System.
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
For updates refer to http://www.apple.com/support/downloads
A workaround is available to correct this issue.
- Download and install the RCDefaultApp preference pane.
- Open System Preferences and choose the Default Applications option.
- Select the 'URLs' tab in the window that appears.
- Choose the 'feed' URL type from the column on the left, and choose a different application or the '<disabled>' option.
- Repeat the previous step for the 'feeds' and 'feedsearch' URL types.
Insight
The flaw is due to an error in the Safari web browser when handling the feed, feeds and feedsearch URL types for RSS feeds.
Affected
Apple Safari 3.1.2 and prior on Windows.
Severity
Classification
CVE: CVE-2009-0123
CVSS Base Score: 7.1
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N