nessus | Tenable | 4754.PRM
Nov 14, 2008 - 12:00 a.m.

Safari < 3.2 Multiple Vulnerabilities

2008-11-14 00:00:00
Tenable
www.tenable.com
8

The version of Safari installed on the remote Windows host is earlier than 3.2. Such versions are potentially affected by several issues:

  • Safari includes a version of zlib that is affected by multiple vulnerabilities. (CVE-2005-2096)
  • A heap buffer overflow issue in the libxslt library could lead to a crash or arbitrary code execution. (CVE-2008-1767)
  • A signedness issue in Safari’s handling of JavaScript array indices could lead to a crash or arbitrary code execution. (CVE-2008-2303)
  • A memory corruption issue in WebCore’s handling of style sheet elements could lead to a crash or arbitrary code execution. (CVE-2008-2317)
  • Multiple uninitialized memory access issues in libTIFF’s handling of LZW-encoded TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2327)
  • A memory corruption issue in ImageIO’s handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2008-2332)
  • A memory corruption issue in ImageIO’s handling of embedded ICC profiles in JPEG images could lead to a crash or arbitrary code execution. (CVE-2008-3608)
  • A heap buffer overflow in CoreGraphics’ handling of color spaces could lead to a crash or arbitrary code execution. (CVE-2008-3623)
  • A buffer overflow in the handling of images with an embedded ICC profile could lead to a crash or arbitrary code execution. (CVE-2008-3642)
  • Disabling autocomplete on a form field may not prevent the data in the field from being stored in the browser page cache. (CVE-2008-3644)
  • WebKit’s plug-in interface does not block plug-ins from launching local URLs, which could allow a remote attacker to launch local files in Safari and lead to the disclosure of sensitive information. (CVE-2008-4216)

Vendor | Product | Version | CPE
apple | safari | | cpe:/a:apple:safari