ID VU:176732 Type cert Reporter CERT Modified 2006-03-03T00:00:00
Description
Overview
Apple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Safari
Apple Safari is a web browser that comes with the Mac OS X operating system.
The Problem
Apple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari.
Impact
A remote attacker may be able to execute arbitrary code on a vulnerable system.
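Solution
Install an update
This issue is corrected in Apple Security Update 2006-001.
Disable JavaScript in Safari
For instructions on how to disable JavaScript in Safari, please refer to the Safari section of the Securing Your Web Browser document.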
Systems Affected
Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apple Computer, Inc.| | -| 03 Mar 2006
If you are a vendor and your product is affected, let us know.
{"viewCount": 0, "id": "VU:176732", "hash": "c1a591699eb4588746ba0c1176304b11c690c895935972b7b6069b2969a1048b", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/176732", "history": [], "edition": 1, "references": ["http://www.apple.com/safari/", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://www.us-cert.gov/reading_room/securing_browser/#Safari", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://docs.info.apple.com/article.html?artnum=303382", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "http://secunia.com/advisories/19064/", "http://www.apple.com/macosx/"], "cvelist": ["CVE-2006-0387", "CVE-2006-0387"], "description": "### Overview\n\nApple Safari is vulnerable to a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\n**Safari **\n\nApple [Safari](<http://www.apple.com/safari/>) is a web browser that comes with the [Mac OS X](<http://www.apple.com/macosx/>) operating system. \n \n**The Problem** \n \nApple Safari contains a stack-based buffer overflow. This vulnerability can be triggered by persuading a user to access a web page containing specially crafted JavaScript with Safari. \n \n--- \n \n### Impact\n\nA remote attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\n**Install an update**\n\nThis issue is corrected in [Apple Security Update 2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n \n--- \n \n**Disable JavaScript in Safari**\n\n \nFor instructions on how to disable JavaScript in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#Safari>) document. 
\n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 03 Mar 2006 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23176732 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://www.us-cert.gov/reading_room/securing_browser/#Safari>\n * <http://docs.info.apple.com/article.html?artnum=303382>\n * <http://secunia.com/advisories/19064/>\n\n### Credit\n\nThis issue was reported in Apple Security Update [2006-001](<http://docs.info.apple.com/article.html?artnum=303382>). \n\nThis document was written by Jeff Gennari\n\n### Other Information\n\n * CVE IDs: [CVE-2006-0387](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387>)\n * Date Public: 02 Mar 2006\n * Date First Published: 03 Mar 2006\n * Date Last Updated: 03 Mar 2006\n * Severity Metric: 17.21\n * Document Revision: 10\n\n", "modified": "2006-03-03T00:00:00", "lastseen": "2016-02-03T09:12:59", "bulletinFamily": "info", "title": "Apple Safari vulnerable to buffer overflow", "objectVersion": "1.2", "reporter": "CERT", "type": "cert", "published": "2006-03-03T00:00:00", "enchantments": {"vulnersScore": 3.5}}
{"result": {"cve": [{"id": "CVE-2006-0387", "type": "cve", "title": "CVE-2006-0387", "description": "Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.", "published": "2006-03-06T15:06:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0387", "cvelist": ["CVE-2006-0387"], "lastseen": "2017-07-20T10:49:04"}], "osvdb": [{"id": "OSVDB:23637", "type": "osvdb", "title": "Apple Safari JavaScript Processing Unspecified Overflow", "description": "## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (2006-001) to address this vulnerability.\n## References:\n[Vendor Specific Advisory URL](http://docs.info.apple.com/article.html?artnum=303382)\nSecurity Tracker: 1015713\n[Secunia Advisory ID:19064](https://secuniaresearch.flexerasoftware.com/advisories/19064/)\n[Related OSVDB ID: 23639](https://vulners.com/osvdb/OSVDB:23639)\n[Related OSVDB ID: 23646](https://vulners.com/osvdb/OSVDB:23646)\n[Related OSVDB ID: 23636](https://vulners.com/osvdb/OSVDB:23636)\n[Related OSVDB ID: 23640](https://vulners.com/osvdb/OSVDB:23640)\n[Related OSVDB ID: 23641](https://vulners.com/osvdb/OSVDB:23641)\n[Related OSVDB ID: 23642](https://vulners.com/osvdb/OSVDB:23642)\n[Related OSVDB ID: 23643](https://vulners.com/osvdb/OSVDB:23643)\n[Related OSVDB ID: 23648](https://vulners.com/osvdb/OSVDB:23648)\n[Related OSVDB ID: 23649](https://vulners.com/osvdb/OSVDB:23649)\n[Related OSVDB ID: 23638](https://vulners.com/osvdb/OSVDB:23638)\n[Related OSVDB ID: 23644](https://vulners.com/osvdb/OSVDB:23644)\n[Related OSVDB ID: 23645](https://vulners.com/osvdb/OSVDB:23645)\n[Related OSVDB ID: 
23647](https://vulners.com/osvdb/OSVDB:23647)\nNews Article: http://www.informationweek.com/news/showArticle.jhtml;?articleID=181500394\n[CVE-2006-0387](https://vulners.com/cve/CVE-2006-0387)\n", "published": "2006-02-28T06:02:40", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:23637", "cvelist": ["CVE-2006-0387"], "lastseen": "2017-04-28T13:20:20"}], "metasploit": [{"id": "MSF:EXPLOIT/OSX/EMAIL/MAILAPP_IMAGE_EXEC", "type": "metasploit", "title": "Mail.app Image Attachment Command Execution", "description": "This module exploits a command execution vulnerability in the Mail.app application shipped with Mac OS X 10.5.0. This flaw was patched in 10.4 in March of 2007, but reintroduced into the final release of 10.5.", "published": "2007-11-26T06:11:10", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2005-2713", "CVE-2005-2714", "CVE-2005-3319", "CVE-2005-3353", "CVE-2005-3391", "CVE-2005-3392", "CVE-2005-3706", "CVE-2005-3712", "CVE-2005-4217", "CVE-2005-4504", "CVE-2006-0383", "CVE-2006-0384", "CVE-2006-0386", "CVE-2006-0387", "CVE-2006-0388", "CVE-2006-0389", "CVE-2006-0391", "CVE-2006-0395", "CVE-2007-6165"], "lastseen": "2018-02-25T03:05:38"}], "nessus": [{"id": "MACOSX_SECUPD2006-001.NASL", "type": "nessus", "title": "Mac OS X Multiple Vulnerabilities (Security Update 2006-001)", "description": "The remote host is running Apple Mac OS X, but lacks Security Update 2006-001.\n\nThis security update contains fixes for the following applications :\n\napache_mod_php automount Bom Directory Services iChat IPSec LaunchServices LibSystem loginwindow Mail rsync Safari Syndication", "published": "2006-03-02T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20990", "cvelist": ["CVE-2005-3353", 
"CVE-2006-0387", "CVE-2005-3392", "CVE-2006-0383", "CVE-2006-0388", "CVE-2006-0395", "CVE-2005-2713", "CVE-2005-4504", "CVE-2006-0386", "CVE-2005-3319", "CVE-2006-0384", "CVE-2006-0389", "CVE-2005-3391", "CVE-2005-2714", "CVE-2005-3712", "CVE-2006-0848", "CVE-2005-3706", "CVE-2006-0391", "CVE-2005-4217"], "lastseen": "2017-10-29T13:42:51"}]}}