Krystian KloskowskiVU:943165Apple Safari window object invalid pointer vulnerability
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.4%
Overview
Apple Safari contains a vulnerability in the handling of window objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Apple Safari fails to properly handle references to window objects. Safari can allow a window object to be deleted, while references to the object may still exist. If JavaScript code then attempts to use the deleted window object, this can result in the use of an invalid pointer. This pointer can be controlled by an attacker through the use of JavaScript.
Exploit code for this vulnerability is publicly available. We have confirmed Apple Safari 4.0.5 on the Windows platform to be vulnerable. Other versions may also be affected.
Impact
By convincing a victim to view an HTML document (webpage, HTML email, or email attachment) with Apple Safari, an attacker could run arbitrary code with the privileges of the user running the application.
Solution
Apply an update
This issue is addressed in Safari 5.0 and 4.1. Please see Apple document HT4196 for more details.
Disable JavaScript
This issue can be mitigated by disabling JavaScript in Apple Safari. Please see the Securing Your Web Browser document for more details.
Do not follow unsolicited links
In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases, particularly if a trusted site has been compromised or allows cross-site scripting.
Vendor Information
943165
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Apple Inc. __ Affected
Updated: July 27, 2010
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
This issue is addressed in Safari 5.0 and 4.1. Please see Apple document HT4196 for more details.
Vendor References
Addendum
This issue can be mitigated by disabling JavaScript in Apple Safari. Please see the Securing Your Web Browser document for more details.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23943165 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
<http://secunia.com/advisories/39670/>
Acknowledgements
This vulnerability was publicly disclosed by Krystian Kloskowski.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2010-1939, CVE-2010-1750 |
|---|---|
| Severity Metric: | 20.41 Date Public: |
References
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.957 High
EPSS
Percentile
99.4%