ID: CVE-2009-2842
Type: cve
Reporter: cve@mitre.org
Modified: 2017-09-19T01:29:00
Description
Apple Safari before 4.0.4 does not properly implement certain (1) Open Image and (2) Open Link menu options, which allows remote attackers to read local HTML files via a crafted web site.
{"openvas": [{"lastseen": "2020-03-03T21:01:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2842", "CVE-2009-2816", "CVE-2009-3384"], "description": "This host has Apple Safari installed and is prone to multiple\n vulnerabilities.", "modified": "2020-02-28T00:00:00", "published": "2009-11-17T00:00:00", "id": "OPENVAS:1361412562310900889", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900889", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - Nov09", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Apple Safari Multiple Vulnerabilities - Nov09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:apple:safari\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900889\");\n script_version(\"2020-02-28T13:41:47+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 13:41:47 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 15:16:05 +0100 (Tue, 17 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2816\", \"CVE-2009-2842\", \"CVE-2009-3384\");\n script_bugtraq_id(36997, 36994, 36995);\n script_name(\"Apple Safari Multiple Vulnerabilities - Nov09\");\n\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_mandatory_keys(\"AppleSafari/Version\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow attackers to bypass certain security\n restrictions, disclose sensitive information, or compromise a user's system.\");\n\n script_tag(name:\"affected\", value:\"Apple Safari version prior to 4.0.4.\");\n\n script_tag(name:\"insight\", value:\"- An error exists in WebKit when sending 'preflight' requests originating\n from a page in a different origin. 
This can be exploited to facilitate\n cross-site request forgery attacks by injecting custom HTTP headers.\n\n - An error exists when handling an 'Open Image in New Tab', 'Open Image in'\n 'New Window', or 'Open Link in New Tab' shortcut menu action performed on\n a link to a local file. This can be exploited to load a local HTML file\n and disclose sensitive information by tricking a user into performing the\n affected actions within a specially crafted webpage.\n\n - Multiple errors in WebKit when handling FTP directory listings can be\n exploited to disclose sensitive information.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Safari version 4.0.4 or latest version.\");\n\n script_tag(name:\"summary\", value:\"This host has Apple Safari installed and is prone to multiple\n vulnerabilities.\");\n\n script_xref(name:\"URL\", value:\"http://support.apple.com/kb/HT3949\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/37346\");\n script_xref(name:\"URL\", value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_is_less(version:vers, test_version:\"5.31.21.11\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"Safari 4.0.4 (5.31.21.11)\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:13:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2842", "CVE-2009-2816", "CVE-2009-3384"], "description": "This host has Apple Safari installed and is prone to multiple\n vulnerabilities.", "modified": "2017-01-20T00:00:00", "published": "2009-11-17T00:00:00", "id": 
"OPENVAS:900889", "href": "http://plugins.openvas.org/nasl.php?oid=900889", "type": "openvas", "title": "Apple Safari Multiple Vulnerabilities - Nov09", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_apple_safari_mult_vuln_nov09.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# Apple Safari Multiple Vulnerabilities - Nov09\n#\n# Authors:\n# Sharath S <sharaths@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow attackers to bypass certain security\n restrictions, disclose sensitive information, or compromise a user's system.\n Impact Level: Application\";\ntag_affected = \"Apple Safari version prior to 4.0.4\";\ntag_insight = \"- An error exists in WebKit when sending 'preflight' requests originating\n from a page in a different origin. This can be exploited to facilitate\n cross-site request forgery attacks by injecting custom HTTP headers.\n - An error exists when handling an 'Open Image in New Tab', 'Open Image in'\n 'New Window', or 'Open Link in New Tab' shortcut menu action performed on\n a link to a local file. 
This can be exploited to load a local HTML file\n and disclose sensitive information by tricking a user into performing the\n affected actions within a specially crafted webpage.\n - Multiple errors in WebKit when handling FTP directory listings can be\n exploited to disclose sensitive information.\";\ntag_solution = \"Upgrade to Safari version 4.0.4 or latest version.\n http://www.apple.com/safari/download/\";\ntag_summary = \"This host has Apple Safari installed and is prone to multiple\n vulnerabilities.\";\n\nif(description)\n{\n script_id(900889);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-11-17 15:16:05 +0100 (Tue, 17 Nov 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-2816\", \"CVE-2009-2842\", \"CVE-2009-3384\");\n script_bugtraq_id(36997, 36994, 36995);\n script_name(\"Apple Safari Multiple Vulnerabilities - Nov09\");\n\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"General\");\n script_dependencies(\"secpod_apple_safari_detect_win_900003.nasl\");\n script_require_keys(\"AppleSafari/Version\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://support.apple.com/kb/HT3949\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/37346\");\n script_xref(name : \"URL\" , value : \"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\");\n 
exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nsafariVer = get_kb_item(\"AppleSafari/Version\");\nif(!safariVer){\n exit(0);\n}\n\n# Check for Safari version < 4.0.4 (5.31.21.10)\nif(version_is_less(version:safariVer, test_version:\"5.31.21.11\")){\n security_message(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-03-01T03:41:20", "description": "The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 4.0.4. As such, it is potentially affected by several\nissues :\n\n - Multiple use-after-free issues exist in libxml2, the\n most serious of which could lead to a program crash.\n (CVE-2009-2414, CVE-2009-2416)\n\n - An issue in the handling of navigations initiated via \n the 'Open Image in New Tab', 'Open Image in New Window'\n or 'Open Link in New Tab' shortcut menu options could\n be exploited to load a local HTML file, leading to\n disclosure of sensitive information. (CVE-2009-2842)\n\n - An issue involving WebKit's inclusion of custom HTTP\n headers specified by a requesting page in preflight\n requests in support of Cross-Origin Resource Sharing\n can facilitate cross-site request forgery attacks. \n (CVE-2009-2816)\n\n - WebKit fails to issue a resource load callback to \n determine if a resource should be loaded when it\n encounters an HTML 5 Media Element pointing to an \n external resource, which could lead to undesired\n requests to remote servers. 
(CVE-2009-2841)", "edition": 27, "published": "2009-11-12T00:00:00", "title": "Mac OS X : Apple Safari < 4.0.4", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2414", "CVE-2009-2841", "CVE-2009-2416", "CVE-2009-2842", "CVE-2009-2816"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "MACOSX_SAFARI4_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/42477", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(42477);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2816\",\n \"CVE-2009-2841\",\n \"CVE-2009-2842\"\n );\n script_bugtraq_id(36994, 36996, 36997);\n\n script_name(english:\"Mac OS X : Apple Safari < 4.0.4\");\n script_summary(english:\"Check the Safari SourceVersion\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version of Apple Safari installed on the remote Mac OS X host is\nearlier than 4.0.4. As such, it is potentially affected by several\nissues :\n\n - Multiple use-after-free issues exist in libxml2, the\n most serious of which could lead to a program crash.\n (CVE-2009-2414, CVE-2009-2416)\n\n - An issue in the handling of navigations initiated via \n the 'Open Image in New Tab', 'Open Image in New Window'\n or 'Open Link in New Tab' shortcut menu options could\n be exploited to load a local HTML file, leading to\n disclosure of sensitive information. (CVE-2009-2842)\n\n - An issue involving WebKit's inclusion of custom HTTP\n headers specified by a requesting page in preflight\n requests in support of Cross-Origin Resource Sharing\n can facilitate cross-site request forgery attacks. 
\n (CVE-2009-2816)\n\n - WebKit fails to issue a resource load callback to \n determine if a resource should be loaded when it\n encounters an HTML 5 Media Element pointing to an \n external resource, which could lead to undesired\n requests to remote servers. (CVE-2009-2841)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3949\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18277\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Apple Safari 4.0.4 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 352, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n \n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n \n script_dependencies(\"macosx_Safari31.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/uname\", \"Host/MacOSX/Version\", \"MacOSX/Safari/Installed\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nuname = get_kb_item_or_exit(\"Host/uname\");\nif (!egrep(pattern:\"Darwin.* (8\\.|9\\.[0-8]\\.|10\\.)\", string:uname)) audit(AUDIT_OS_NOT, \"Mac OS X 10.4 / 10.5 / 10.6\");\n\n\nget_kb_item_or_exit(\"MacOSX/Safari/Installed\");\npath = get_kb_item_or_exit(\"MacOSX/Safari/Path\", exit_code:1);\nversion = get_kb_item_or_exit(\"MacOSX/Safari/Version\", exit_code:1);\n\nfixed_version = \"4.0.4\";\n\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n set_kb_item(name:'www/0/XSRF', value:TRUE);\n\n if (report_verbosity > 0)\n {\n report = \n '\\n Installed version : ' + version + \n '\\n Fixed version : ' + fixed_version + '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Safari\", version);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T06:03:37", "description": "The version of Safari installed on the remote Windows host is earlier\nthan 4.0.4. Such versions are potentially affected by several \nissues :\n\n - An integer overflow in the handling of images with an\n embedded color profile could lead to a crash or \n arbitrary code execution. (CVE-2009-2804)\n\n - Multiple use-after-free issues exist in libxml2, the\n most serious of which could lead to a program crash.\n (CVE-2009-2414, CVE-2009-2416)\n\n - An issue in the handling of navigations initiated via \n the 'Open Image in New Tab', 'Open Image in New Window'\n or 'Open Link in New Tab' shortcut menu options could\n be exploited to load a local HTML file, leading to\n disclosure of sensitive information. 
(CVE-2009-2842)\n\n - An issue involving WebKit's inclusion of custom HTTP\n headers specified by a requesting page in preflight\n requests in support of Cross-Origin Resource Sharing\n can facilitate cross-site request forgery attacks. \n (CVE-2009-2816)\n\n - Multiple issues in WebKit's handling of FTP directory \n listings may lead to information disclosure, unexpected\n application termination, or execution of arbitrary \n code. (CVE-2009-3384)", "edition": 27, "published": "2009-11-12T00:00:00", "title": "Safari < 4.0.4 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-2804", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2842", "CVE-2009-2816", "CVE-2009-3384"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:apple:safari"], "id": "SAFARI_4_0_4.NASL", "href": "https://www.tenable.com/plugins/nessus/42478", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(42478);\n script_version(\"1.16\");\n\n script_cve_id(\n \"CVE-2009-2804\",\n \"CVE-2009-2414\",\n \"CVE-2009-2416\",\n \"CVE-2009-2816\",\n \"CVE-2009-2842\",\n \"CVE-2009-3384\"\n );\n script_bugtraq_id(36357, 36994, 36995, 36997);\n\n script_name(english:\"Safari < 4.0.4 Multiple Vulnerabilities\");\n script_summary(english:\"Checks Safari's version number\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host contains a web browser that is affected by several\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The version of Safari installed on the remote Windows host is earlier\nthan 4.0.4. Such versions are potentially affected by several \nissues :\n\n - An integer overflow in the handling of images with an\n embedded color profile could lead to a crash or \n arbitrary code execution. 
(CVE-2009-2804)\n\n - Multiple use-after-free issues exist in libxml2, the\n most serious of which could lead to a program crash.\n (CVE-2009-2414, CVE-2009-2416)\n\n - An issue in the handling of navigations initiated via \n the 'Open Image in New Tab', 'Open Image in New Window'\n or 'Open Link in New Tab' shortcut menu options could\n be exploited to load a local HTML file, leading to\n disclosure of sensitive information. (CVE-2009-2842)\n\n - An issue involving WebKit's inclusion of custom HTTP\n headers specified by a requesting page in preflight\n requests in support of Cross-Origin Resource Sharing\n can facilitate cross-site request forgery attacks. \n (CVE-2009-2816)\n\n - Multiple issues in WebKit's handling of FTP directory \n listings may lead to information disclosure, unexpected\n application termination, or execution of arbitrary \n code. (CVE-2009-3384)\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://support.apple.com/kb/HT3949\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\", \n value:\"http://www.securityfocus.com/advisories/18277\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Safari 4.0.4 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(119, 189, 352, 399);\n script_set_attribute(\n attribute:\"vuln_publication_date\", \n value:\"2009/11/11\"\n );\n script_set_attribute(\n attribute:\"patch_publication_date\", \n value:\"2009/11/11\"\n );\n script_set_attribute(\n attribute:\"plugin_publication_date\", \n value:\"2009/11/12\"\n );\n script_cvs_date(\"Date: 
2018/07/27 18:38:15\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:apple:safari\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"safari_installed.nasl\");\n script_require_keys(\"SMB/Safari/FileVersion\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\n\n\npath = get_kb_item(\"SMB/Safari/Path\");\nversion = get_kb_item(\"SMB/Safari/FileVersion\");\nif (isnull(version)) exit(0);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 5 ||\n (\n ver[0] == 5 &&\n (\n ver[1] < 31 ||\n (\n ver[1] == 31 && \n (\n ver[2] < 21 ||\n (ver[2] == 21 && ver[3] < 10)\n )\n )\n )\n )\n)\n{\n if (report_verbosity > 0)\n {\n if (isnull(path)) path = \"n/a\";\n\n prod_version = get_kb_item(\"SMB/Safari/ProductVersion\");\n if (!isnull(prod_version)) version = prod_version;\n\n report = string(\n \"\\n\",\n \"Nessus collected the following information about the current install\\n\",\n \"of Safari on the remote host :\\n\",\n \"\\n\",\n \" Version : \", version, \"\\n\",\n \" Path : \", path, \"\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2018-10-06T23:09:15", "bulletinFamily": "info", "cvelist": ["CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2804", "CVE-2009-2816", "CVE-2009-2841", "CVE-2009-2842", "CVE-2009-3384"], "description": "[](<https://threatpost.com/apple-patches-critical-safari-vulnerabilities-111109/>)Apple today shipped Safari 4.0.4 to fix a total of seven security flaws that expose Windows and Mac users to a wide range of malicious hacker 
attacks.\n\nThe high-priority update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site. Some of the issues affect Microsoft\u2019s new Windows 7 operating system. \nHere are the details from an Apple advisory:\n\n * **ColorSync** (CVE-2009-2804) \u2014 Available for Windows 7, Windows Vista and Windows XP \u2014 An integer overflow exists in the handling of images with an embedded color profile, which may lead to a heap buffer overflow. Opening a maliciously crafted image with an embedded color profile may lead to an unexpected application termination or arbitrary code execution. This vulnerability was internally discovered by Apple.\n * **libxml** CVE-2009-2414 and CVE-2009-2416 \u2014 Available for: Mac OS X Windows 7, Windows Vista and Windows XP \u2014 Multiple use-after-free issues exist in libxml2, the most serious of which may lead to an unexpected application termination. This update addresses the issues through improved memory handling. The issues have already been addressed in Mac OS X 10.6.2, and in Security Update 2009-006 for Mac OS X 10.5.8 systems.\n * **Safari **\u2014 CVE-2009-2842 \u2014 Available for: Mac OS X, Windows 7, Windows Vista and Windows XP \u2014 An issue exists in Safari\u2019s handling of navigations initiated via the \u201cOpen Image in New Tab\u201d, \u201cOpen Image in New Window\u201d, or \u201cOpen Link in New Tab\u201d shortcut menu options. Using these options within a maliciously crafted website could load a local HTML file, leading to the disclosure of sensitive information.\n * **WebKit **\u2014 CVE-2009-2816 \u2014 Available for Mac OS X, Windows 7, Windows Vista and Windows XP \u2014 An issue exists in WebKit\u2019s implementation of Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server for access to the resource. 
WebKit includes custom HTTP headers specified by the requesting page in the preflight request. This can facilitate cross-site request forgery. Internally discovered by Apple.\n * **WebKit** \u2014 CVE-2009-3384 \u2014 Available for Windows 7, Windows Vista and Windows XP \u2014 Multiple vulnerabilities exist in WebKit\u2019s handling of FTP directory listings. Accessing a maliciously crafted FTP server may lead to information disclosure, unexpected application termination, or execution of arbitrary code. This update addresses the issues through improved parsing of FTP directory listings. These issues do not affect Safari on Mac OS X systems.\n * **WebKit** \u2014 CVE-2009-2841 \u2014 Available for Mac OS X (client and server) \u2014 When WebKit encounters an HTML 5 Media Element pointing to an external resource, it does not issue a resource load callback to determine if the resource should be loaded. This may result in undesired requests to remote servers. As an example, the sender of an HTML-formatted email message could use this to determine that the message was read. This issue is addressed by generating resource load callbacks when WebKit encounters an HTML 5 Media Element. This issue does not affect Safari on Windows systems.\n\nThe browser update is being pushed to Mac and Windows systems via Apple\u2019s software update utilities. 
Alternatively, Safari users can download the patches from [Apple\u2019s download site](<http://www.apple.com/safari/download/>).\n", "modified": "2018-08-15T14:12:22", "published": "2009-11-11T21:45:09", "id": "THREATPOST:213B2F3A19EB934CE4579B8DDEAC6AB4", "href": "https://threatpost.com/apple-patches-critical-safari-vulnerabilities-111109/73081/", "type": "threatpost", "title": "Apple Patches Critical Safari Vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:30:15", "description": "BUGTRAQ ID: 36357,36010,36994,36995,36997,36996\r\nCVE ID: CVE-2009-2804,CVE-2009-2414,CVE-2009-2416,CVE-2009-2842,CVE-2009-2816,CVE-2009-3384,CVE-2009-2841\r\n\r\nSafari is the web browser bundled by default with Apple's family of operating systems.\r\n\r\nRemote attackers can exploit multiple errors in the Safari browser to cause a denial of service, read sensitive information, or execute arbitrary code.\r\n\r\nCVE-2009-2804\r\n\r\nAn integer overflow that can lead to a heap overflow exists in the handling of images containing an embedded color profile; a user tricked into opening a malicious image may cause the browser to crash or arbitrary code to execute.\r\n\r\nCVE-2009-2414, CVE-2009-2416\r\n\r\nMultiple use-after-free vulnerabilities in the libxml2 library may cause the browser to terminate unexpectedly.\r\n\r\nCVE-2009-2842\r\n\r\nA vulnerability exists in Safari's handling of navigations initiated via the \u201cOpen Image in New Tab\u201d, \u201cOpen Image in New Window\u201d, or \u201cOpen Link in New Tab\u201d shortcut menu options; using these options on a malicious website may load a local HTM file, leading to disclosure of sensitive information.\r\n\r\nCVE-2009-2816\r\n\r\nA vulnerability exists in the way WebKit implements Cross-Origin Resource Sharing. Before allowing a page from one origin to access a resource in another origin, WebKit sends a preflight request to the latter server. 
Because WebKit includes in the preflight request the custom HTTP headers specified by the requesting page, this can facilitate cross-site request forgery attacks.\r\n\r\nCVE-2009-3384\r\n\r\nMultiple vulnerabilities exist in the way WebKit handles FTP directory listings; accessing a malicious FTP server may lead to information disclosure, unexpected browser termination, or arbitrary code execution.\r\n\r\nCVE-2009-2841\r\n\r\nWhen WebKit encounters an HTML 5 media element pointing to an external resource, it does not issue a resource load callback to determine whether the resource should be loaded, which may result in unintended requests to remote servers. For example, the sender of an HTML-formatted email could determine whether the message has been read.\n\nApple Safari 4.x\nVendor patch:\r\n\r\nApple\r\n-----\r\nThe vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page:\r\n\r\nhttp://www.apple.com/safari/download/", 
"published": "2009-11-13T00:00:00", "type": "seebug", "title": "Safari 4.0.4 Fixes Multiple Security Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2804", "CVE-2009-2816", "CVE-2009-2841", "CVE-2009-2842", "CVE-2009-3384"], "modified": "2009-11-13T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-12627", "id": "SSV:12627", "sourceData": "", "sourceHref": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}