Apple Safari CSS format Argument Handling Memory Corruption
Severity: : Critical
CVE Kennungen: : CVE-2010-0046
Advisory Date: 14 de февраля de 2011
DESCRIPTION
The Cascading Style Sheets (CSS) implementation in WebKit in
Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or
cause a denial of service (memory corruption and application crash) via crafted
format arguments. Visiting a
maliciously crafted website may lead to an unexpected application termination or
arbitrary code execution.
A memory corruption issue exists in
WebKit's handling of CSS format() arguments. Visiting a maliciously crafted
website may lead to an unexpected application termination or arbitrary code
execution. This issue is addressed through improved handling of CSS format()
arguments. Credit to Robert Swiecki of Google Inc. for reporting this
issue.'
INFORMATION EXPOSURE
As announced in the March security bulletin, Safari
4.0.5 is available via the Apple Software Update application, or Apple's Safari
download site.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1004090
Trend Micro Deep Security DPI Rule Name: 1004090 - Apple Safari CSS Format Argument Handling Memory Corruption
AFFECTED SOFTWARE AND VERSION:
- Apple Safari 4.0
- Apple Safari 4.0.0b
- Apple Safari 4.0.1
- Apple Safari 4.0.2
- Apple Safari 4.0.3
- Apple Safari 4.0.4