Executive Summary

Summary
Title: Apple WebKit frame rendering memory corruption vulnerability
Information
Name: VU#389868
First vendor Publication: 2007-06-22
Vendor: VU-CERT
Last vendor Modification: 2007-06-26
Severity (Vendor): N/A
Revision: M

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Cvss Impact Score: 10
Cvss Exploit Score: 8.6
Attack Range: Network
Attack Complexity: Medium
Authentication: None Required

Detail

Vulnerability Note VU#389868

Apple WebKit frame rendering memory corruption vulnerability

Overview

Apple WebKit contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.

I. Description

According to Apple:

    WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications.
More information about WebKit is available at the WebKit Project web site.

Apple WebKit fails to properly perform type conversions when rendering frame sets, possibly allowing memory corruption to occur. If a remote attacker persuades a user to access a specially crafted web page with software that uses WebKit, that attacker may be able to corrupt memory in a way that will let them execute arbitrary code.

This vulnerability may affect any software that uses the Apple WebKit, including the Safari web browser.

Note that this vulnerability is reported to affect software on both the Windows and Apple OS X operating systems.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Apply Apple Updates
Apple has released an update to address this vulnerability. Refer to Apple Security Update 2007-006 for more information.


According to Apple:

    Safari 3 Beta Update 3.0.2 will appear for systems running Safari 3 Beta and includes the entire contents of Security Update 2007-006. Security Update 2007-006 itself will not appear via Software Update for systems that have installed Safari 3 Beta.

Systems Affected

Vendor | Status | Date Updated
Apple Computer, Inc. | Vulnerable | 22-Jun-2007

References


http://docs.info.apple.com/article.html?artnum=305759
http://developer.apple.com/opensource/internet/webkit.html
http://webkit.opendarwin.org/
http://lists.apple.com/archives/security-announce/2007/Jun/msg00004.html
http://secunia.com/advisories/25786/

Credit

This vulnerability was reported in Apple Security Update 2007-006. Apple credits Rhys Kidd of Westnet with providing information about this vulnerability.

This document was written by Jeff Gennari.

Other Information

Date Public:
Date First Published: 06/22/2007 05:51:46 PM
Date Last Updated: 06/26/2007
CERT Advisory:
CVE Name: CVE-2007-2399
Metric: 2.55
Document Revision: 21

Original Source

Url : http://www.kb.cert.org/vuls/id/389868

CPE : Common Platform Enumeration

Type | Description | Count
Os | | 17
Os | | 2
Os | | 2

OpenVAS Exploits

Date Description
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
36450 Apple Mac OS X / iPhone WebKit Frame Sets Unspecified Memory Corruption

Mac OS X contains a flaw related to the WebKit that may allow a remote attacker to execute arbitrary code via a specially crafted web page. No further details have been provided.
36130 Apple Mac OS X WebKit Invalid Type Conversion Remote Memory Corruption Code E...

A memory corruption flaw exists in Mac OS X. WebKit fails to validate frame sets resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2007-06-25 Name : The remote host is missing a Mac OS X update which fixes a security issue.
File : macosx_SecUpd2007-006.nasl - Type : ACT_GATHER_INFO