Apple Safari CSS format Argument Handling Memory Corruption
2011年2月14日
危険度: : 緊急
CVE識別番号: CVE-2010-0046
概要
The Cascading Style Sheets (CSS) implementation in WebKit in
Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash) via crafted
format arguments. Visiting a
maliciously crafted website may lead to an unexpected application termination or
arbitrary code execution.
A memory corruption issue exists in
WebKit's handling of CSS format() arguments. Visiting a maliciously crafted
website may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of CSS format()
arguments. Credit to Robert Swiecki of Google Inc. for reporting this
issue.'
トレンドマイクロの対策
As announced in the March security bulletin, Safari
4.0.5 is available via the Apple Software Update application, or Apple's Safari
download site.
対応方法
Trend Micro Deep Security DPI Rule Number: 1004090
Trend Micro Deep Security DPI Rule Name: 1004090 - Apple Safari CSS Format Argument Handling Memory Corruption
影響を受けるソフトウェア
- Apple Safari 4.0
- Apple Safari 4.0.0b
- Apple Safari 4.0.1
- Apple Safari 4.0.2
- Apple Safari 4.0.3
- Apple Safari 4.0.4