Gravedad: Crítico
  Identificadores de CVE : CVE-2010-0046
  Fecha recomendada: 14 de febrero de 2011

  Descripción

The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.

A memory corruption issue exists in WebKit's handling of CSS format() arguments. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved handling of CSS format() arguments. Credit to Robert Swiecki of Google Inc. for reporting this issue.'

  Revelación de la información

As announced in the March security bulletin, Safari 4.0.5 is available via the Apple Software Update application, or Apple's Safari download site.

  Soluciones

  Trend Micro Deep Security DPI Rule Number: 1004090
  Trend Micro Deep Security DPI Rule Name: 1004090 - Apple Safari CSS Format Argument Handling Memory Corruption

  Software y versión afectados

  • Apple Safari 4.0
  • Apple Safari 4.0.0b
  • Apple Safari 4.0.1
  • Apple Safari 4.0.2
  • Apple Safari 4.0.3
  • Apple Safari 4.0.4