Executive Summary
Summary | |
---|---|
Title | Apple Safari window object invalid pointer vulnerability |
Informations | |||
---|---|---|---|
Name | VU#943165 | First vendor Publication | 2010-05-10 |
Vendor | VU-CERT | Last vendor Modification | 2010-07-27 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#943165Apple Safari window object invalid pointer vulnerabilityOverviewApple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.I. DescriptionApple Safari fails to properly handle references to window objects. Safari can allow a window object to be deleted, while references to the object may still exist. If JavaScript code then attempts to use the deleted window object, this can result in the use of an invalid pointer. This pointer can be controlled by an attacker through the use of JavaScript.Exploit code for this vulnerability is publicly available. We have confirmed Apple Safari 4.0.5 on the Windows platform to be vulnerable. Other versions may also be affected. This issue is addressed in Safari 5.0 and 4.1. Please see Apple document HT4196 for more details.
Referenceshttp://www.cert.org/tech_tips/securing_browser/#ssecurity This vulnerability was publicly disclosed by Krystian Kloskowski. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/943165 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6748 | |||
Oval ID: | oval:org.mitre.oval:def:6748 | ||
Title: | Use-after-free vulnerability in Apple Safari 4.0.5 | ||
Description: | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1939 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Apple Safari |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7143 | |||
Oval ID: | oval:org.mitre.oval:def:7143 | ||
Title: | Apple Safari Window Management Vulnerability | ||
Description: | Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1750 | Version: | 11 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Apple Safari |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Apple Safari parent.close() Invalid Pointer Code Execution | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-06-16 | Name : Apple Safari Multiple Vulnerabilities (June-10) File : nvt/gb_apple_safari_mult_vuln_jun10.nasl |
2010-03-23 | Name : Apple Saferi multiple vulnerabilities (Mar10) File : nvt/secpod_apple_safari_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65297 | Apple Safari Window Management Use-after-free Arbitrary Code Execution |
64482 | Apple Safari parent.close() Function Invalid Pointer Arbitrary Code Execution Apple safari contains a flaw in the handling of parent windows that may allow an attacker to to call the close function using an invald pointer resulting in code execution. The issue is triggered when a user visits a specially crafted web pages and closes a spawned popup window. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple Safari window.parent.close unspecified remote code execution vulnerability RuleID : 16666 - Revision : 12 - Type : BROWSER-WEBKIT |
2014-01-10 | Apple Safari information disclosure and remote code execution attempt RuleID : 16596 - Revision : 13 - Type : BROWSER-WEBKIT |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-08 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:57:29 |
|