Apple Safari vulnerable to buffer overflow

2006-03-03T00:00:00
ID VU:176732
Type cert
Reporter CERT
Modified 2006-03-03T00:00:00

Description

Overview

Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Safari

Apple Safari is a web browser that comes with the Mac OS X operating system.

The Problem

Apple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to open, in Safari, a web page containing specially crafted JavaScript.


Impact

A remote attacker may be able to execute arbitrary code on a vulnerable system.


Solution

Install an update

This issue is corrected in Apple Security Update 2006-001.


Disable JavaScript in Safari

For instructions on how to disable JavaScript in Safari, please refer to the Safari section of the Securing Your Web Browser document.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apple Computer, Inc.| | -| 03 Mar 2006

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

  • <http://www.us-cert.gov/reading_room/securing_browser/#Safari>
  • <http://docs.info.apple.com/article.html?artnum=303382>
  • <http://secunia.com/advisories/19064/>

Credit

This issue was reported in Apple Security Update 2006-001.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2006-0387
  • Date Public: 02 Mar 2006
  • Date First Published: 03 Mar 2006
  • Date Last Updated: 03 Mar 2006
  • Severity Metric: 17.21
  • Document Revision: 10