Summary
The host is installed with Apple Safari web browser and is prone to remote code execution vulnerability.
Impact
Successful exploitation will let the attackers to execute arbitrary code via crafted SVG document.
Impact Level: System/Application
Solution
Upgrade to Apple Safari version 6.0.4 or later,
For updates refer to http://www.apple.com/support/downloads
Insight
WebKit contains a type confusion flaw in the 'SVGViewSpec::viewTarget' function in WebCore/svg/SVGViewSpec.cpp when handling non-SVG elements.
Affected
Apple Safari versions prior to 6.0.4 on Mac OS X
References
Severity
Classification
-
CVE CVE-2013-0912 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Mac OS X