SAINT Corporation, SAINT:CA6905BBAD25DF95445E777989303FCF
May 28, 2010 - 12:00 a.m.

Apple Safari parent.close() Invalid Pointer Code Execution

2010-05-28 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 7.6 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.957 High
Percentile: 99.4%

Added: 05/28/2010
CVE: CVE-2010-1939
BID: 39990
OSVDB: 64482

Background

Safari is a web browser for Mac OS X and Windows.

Problem

Apple Safari 4.0.5 for Windows (and probably earlier) allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted HTML page can create a pop-up window using the window.open() method, and then call the parent window’s window.close() method, thereby triggering the vulnerability due to an invalid pointer.

Resolution

Enable the browser pop-up blocker (this is normally enabled by default in Safari). Consider disabling JavaScript in Safari. Upgrade when a fixed release becomes available.

References

<http://secunia.com/advisories/39670>
<http://www.kb.cert.org/vuls/id/943165>

Limitations

The exploit works on Apple Safari 4.0.5 for Windows.

The exploit web page must be the first page loaded into the Apple Safari browser instance on the target.

Pop-up windows must be enabled on the target Apple Safari browser, i.e., the pop-up blocker must be disabled.

The vulnerability is triggered when the user closes the pop-up window with [Alt + F4]. It may take longer than normal to establish the shell session.

Platforms

Windows
