Executive Summary
Summary | |
---|---|
Title | Apple WebKit frame rendering memory corruption vulnerability |
Informations | |||
---|---|---|---|
Name | VU#389868 | First vendor Publication | 2007-06-22 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-26 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#389868Apple WebKit frame rendering memory corruption vulnerabilityOverviewThe Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code.I. DescriptionAccording to Apple:
The Apple Webkit fails to properly perform type conversions when rendering frame sets possibly allowing memory corruption to occur. If a remote attacker persuades a user to access a specially crafted web page with software that uses WebKit, that attacker may be able corrupt memory in a way that will let them execute arbitrary code. This vulnerability may affect any software that uses the Apple WebKit, including the Safari web browser. Note that this vulnerability is reported to affect software on both the Windows and Apple OS X operating systems.
Systems Affected
References
This vulnerability was reported in Apple Security Update 2007-006. Apple credits Rhys Kidd of Westnet with providing information about this vulnerability. This document was written by Jeff Gennari.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/389868 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
36450 | Apple Mac OS X / iPhone WebKit Frame Sets Unspecified Memory Corruption Mac OS X contains a flaw related to the WebKit that may allow a remote attacker to execute arbitrary code via a specially crafted web page. No further details have been provided. |
36130 | Apple Mac OS X WebKit Invalid Type Conversion Remote Memory Corruption Code E... A memory corruption flaw exists in Mac OS X. WebKit fails to validate frame sets resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-25 | Name : The remote host is missing a Mac OS X update which fixes a security issue. File : macosx_SecUpd2007-006.nasl - Type : ACT_GATHER_INFO |