Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:93F870242C8D8DFE6FB0218061E2532F
HistoryOct 24, 2011 - 12:00 a.m.

Apple Safari libxslt File Create

2011-10-2400:00:00
SAINT Corporation
my.saintcorporation.com
21

8.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON

Added: 10/24/2011
CVE: CVE-2011-1774
BID: 48840
OSVDB: 74017

Background

Safari is a web browser for Mac OS X and Windows.

Problem

Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice.

Resolution

Upgrade to Apple Safari 5.0.6 or later.

References

<http://support.apple.com/kb/HT4808&gt;

Limitations

This exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn).
The payload will not be executed until the next successful login.
The target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default.

Platforms

Windows

Related

metasploit 1
nessus 7
suse 1
saint 3
checkpoint_advisories 1
packetstorm 1
prion 1
cve 1
ubuntucve 1
freebsd 1
openvas 6
securityvulns 6
seebug 1
metasploit
metasploit
Cross Platform Webkit File Dropper
2011-10-18 16:30:28
nessus
nessus
SuSE 11.1 Security Update : libwebkit (SAT Patch Number 4917)
2011-07-29 00:00:00
FreeBSD : databases/postgresql*-server -- multiple vulnerabilities (07234e78-e899-11e1-b38d-0023ae8e59f0)
2012-08-20 00:00:00
Safari < 5.1 Multiple Vulnerabilities
2011-07-21 00:00:00
suse
suse
Security update for libwebkit (important)
2011-08-02 01:08:15
saint
saint
Apple Safari libxslt File Create
2011-10-24 00:00:00
Apple Safari libxslt File Create
2011-10-24 00:00:00
Apple Safari libxslt File Create
2011-10-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Webkit libxslt Arbitrary File Creation (CVE-2011-1774)
2011-12-27 00:00:00
packetstorm
packetstorm
Apple Safari Webkit libxslt Arbitrary File Creation
2011-10-18 00:00:00
prion
prion
Design/Logic Flaw
2011-07-21 23:55:00
cve
cve
CVE-2011-1774
2011-07-21 23:55:00
ubuntucve
ubuntucve
CVE-2011-1774
2011-07-21 00:00:00
freebsd
freebsd
databases/postgresql*-server -- multiple vulnerabilities
2012-08-17 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)
2011-08-12 00:00:00
Apple Safari Multiple Vulnerabilities - July 2011
2011-07-27 00:00:00
Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)
2011-08-12 00:00:00
securityvulns
securityvulns
WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
2011-08-01 00:00:00
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
2011-07-22 00:00:00
Apple iTunes multiple security vulnerabilities
2011-10-16 00:00:00
seebug
seebug
Apple iTunes多个安全漏洞
2011-10-13 00:00:00

8.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:C/A:C

0.968 High

EPSS

Percentile

99.7%

JSON
Related for SAINT:93F870242C8D8DFE6FB0218061E2532F
metasploit1nessus7suse1saint3checkpoint_advisories1packetstorm1prion1cve1ubuntucve1freebsd1openvas6securityvulns6seebug1