Tenable700166.PRMSafari < 10.1.2 Multiple Vulnerabilities
Versions of Safari prior to 10.1.2 are affected by multiple vulnerabilities :
- An information disclosure vulnerability exists in the WebKit component due to improper handling of SVG filters. An unauthenticated, remote attacker can exploit this, via a timing side-channel attack, to disclose sensitive cross-domain information. (CVE-2017-7006)
- An unspecified flaw exists that allows an unauthenticated, remote attacker to spoof the address bar via a specially crafted website. (CVE-2017-7011)
- Multiple memory corruption issues exists in the ‘WebKit Web Inspector’ component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7012)
- Multiple memory corruption issues exist in the WebKit component due to improper validation of input. An unauthenticated, remote attacker can exploit these issues, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7018, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061)
- A memory corruption issue exists in the ‘WebKit Page Loading’ component due to improper validation of input. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to execute arbitrary code. (CVE-2017-7019)
- Multiple cross-site scripting (XSS) vulnerabilities exist in the WebKit component in the DOMParser due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these issue, via a specially crafted URL, to execute arbitrary script code in a user’s browser session. (CVE-2017-7038, CVE-2017-7059)
- A denial of service vulnerability exists in the Safari Printing component. An unauthenticated, remote attacker can exploit this, via a specially crafted web page, to create an infinite number of print dialogs. (CVE-2017-7060)
- An unspecified memory initialization flaw exists in WebKit. A local attacker can exploit this, via a specially crafted application, to disclose restricted memory. (CVE-2017-7064)
Binary data 700166.prmReferences
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7006
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7018
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7019
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7034
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7037
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7064
seclists.org/fulldisclosure/2017/Jul/39
support.apple.com/en-us/HT207921
Related
