Executive Summary

Summary
Title : Apple Safari contains a memory corruption issue in the handling of JavaScript arrays by WebKit
Information
Name : VU#361043
First vendor Publication : 2008-07-01
Vendor : VU-CERT
Last vendor Modification : 2008-07-01
Severity (Vendor) : N/A
Revision : M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Vulnerability Note VU#361043

Apple Safari contains a memory corruption issue in the handling of JavaScript arrays by WebKit

Overview

Apple WebKit contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

According to Apple Security Update 2008-004:

A memory corruption issue exists in WebKit's handling of JavaScript arrays. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

This vulnerability may affect any software that uses the Apple WebKit, including the Safari web browser.

Note that this vulnerability is reported to affect software on both the Windows and Apple OS X operating systems.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Apply Apple Updates
Apple has released an update to address this vulnerability. Refer to Apple Security Update 2008-004 for more information.

Systems Affected

Vendor | Status | Date Updated
Apple Computer, Inc. | Vulnerable | 1-Jul-2008

References


http://lists.apple.com/archives/security-announce/2008/Jun/msg00001.html
http://support.apple.com/kb/HT2092
http://support.apple.com/kb/HT2165
http://support.apple.com/kb/HT2163

Credit

This vulnerability was reported in Apple Security Update 2008-004. Apple credits James Urquhart with reporting this issue.

This document was written by Ryan Giobbi.

Other Information

Date Public : 06/19/2008
Date First Published : 07/01/2008 06:28:57 PM
Date Last Updated : 07/01/2008
CERT Advisory :
CVE Name : CVE-2008-2307
US-CERT Technical Alerts :
Metric : 10.33
Document Revision : 6

Original Source

Url : http://www.kb.cert.org/vuls/id/361043

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-399 Resource Management Errors

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 1
Application | | 143
Os | | 59
Os | | 1

OpenVAS Exploits

Date Description
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-02-17 Name : Fedora Update for WebKit FEDORA-2008-6186
File : nvt/gb_fedora_2008_6186_WebKit_fc9.nasl
2009-02-17 Name : Fedora Update for WebKit FEDORA-2008-6220
File : nvt/gb_fedora_2008_6220_WebKit_fc8.nasl
2008-08-22 Name : Apple Safari for Windows Multiple Vulnerabilities July-08
File : nvt/secpod_apple_safari_mult_vuln_july08_900002.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
46502 Apple Safari WebKit JavaScript Array Handling Memory Corruption Arbitrary Cod...

Nessus® Vulnerability Scanner

Date Description
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6186.nasl - Type : ACT_GATHER_INFO
2008-07-10 Name : The remote Fedora host is missing a security update.
File : fedora_2008-6220.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_5_4.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host contains a web browser that is affected by a buffer overflow ...
File : macosx_Safari3_1_2.nasl - Type : ACT_GATHER_INFO
2008-07-01 Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_SecUpd2008-004.nasl - Type : ACT_GATHER_INFO
2008-06-20 Name : The remote host contains a web browser that is affected by several issues.
File : safari_3_1_2.nasl - Type : ACT_GATHER_INFO