nessusTenable801007.PRM
History: Aug 11, 2009 - 12:00 a.m.

Safari < 4.0.3 Multiple Vulnerabilities

2009-08-11 00:00:00
Tenable
www.tenable.com
5

The version of Safari installed on the remote host is earlier than 4.0.3. Such versions are potentially affected by several issues:

  • A buffer overflow in the handling of EXIF metadata could lead to a crash or arbitrary code execution. (CVE-2009-2188)

  • A vulnerability in WebKit’s parsing of floating point numbers may allow for remote code execution. (CVE-2009-2195)

  • A vulnerability in Safari may allow a malicious website to be promoted in Safari’s Top Sites. (CVE-2009-2196)

  • A vulnerability in how WebKit renders a URL with look-alike characters could be used to spoof a website. (CVE-2009-2199)

  • A vulnerability in WebKit may lead to the disclosure of sensitive information. (CVE-2009-2200)

  • A heap buffer overflow in CoreGraphics involving the drawing of long text strings could lead to a crash or arbitrary code execution. (CVE-2009-2468)
