Apple Safari CSS format Argument Handling Memory Corruption
Gravità: : Critico
Identificatori CVE: CVE-2010-0046
Data notifica: 14 febbraio 2011
Descrizione
The Cascading Style Sheets (CSS) implementation in WebKit in
Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash) via crafted
format arguments. Visiting a
maliciously crafted website may lead to an unexpected application termination or
arbitrary code execution.
A memory corruption issue exists in
WebKit's handling of CSS format() arguments. Visiting a maliciously crafted
website may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of CSS format()
arguments. Credit to Robert Swiecki of Google Inc. for reporting this
issue.'
Informazioni esposizione:
As announced in the March security bulletin, Safari
4.0.5 is available via the Apple Software Update application, or Apple's Safari
download site.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1004090
Trend Micro Deep Security DPI Rule Name: 1004090 - Apple Safari CSS Format Argument Handling Memory Corruption
Software e versione interessati:
- Apple Safari 4.0
- Apple Safari 4.0.0b
- Apple Safari 4.0.1
- Apple Safari 4.0.2
- Apple Safari 4.0.3
- Apple Safari 4.0.4