Multiple vulnerabilities have been identified in Apple Safari, which could be exploited by remote attackers to disclose sensitive information or compromise a vulnerable system.
The first issue is caused by an error when handling BMP and GIF images, which could cause an out-of-bounds memory read, leading to the disclosure of memory contents.
The second weakness is caused by an error when handling files that are downloaded from a website which is in an Internet Explorer 7 zone with the "Launching applications and unsafe files" setting set to "Enable", or in the Internet Explorer 6 "Local intranet" or "Trusted sites" zone, which could cause Safari to automatically launch executable files.
The third vulnerability is caused by a memory corruption error in WebKit when handling certain JavaScript arrays, which could be exploited to crash an affected browser or execute arbitrary code.
Credits
Vulnerabilities reported by Gynvael Coldwind (Hispasec), Will Dormann(CERT/CC) and James Urquhart.
ChangeLog
2008-06-20 : Initial release
Vulnerability Management
Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.
French
