Schweregrad: : Crítico
  Identificador(es) CVE: : CVE-2010-0046
  Data do informe: 14 fevereiro 2011

  Descrição

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

A memory corruption issue exists in WebKit's handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.'

  Exposição das informações

As announced in the March security bulletin, Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site.

  Solução

  Trend Micro Deep Security DPI Rule Number: 1004090
  Trend Micro Deep Security DPI Rule Name: 1004090 - Apple Safari CSS Format Argument Handling Memory Corruption

  Software infectado e versão:

  • Apple Safari 4.0
  • Apple Safari 4.0.0b
  • Apple Safari 4.0.1
  • Apple Safari 4.0.2
  • Apple Safari 4.0.3
  • Apple Safari 4.0.4