Vulnerability Note VU#351217

Apple Safari WebKit component vulnerable to buffer overflow

Original Release date: 03 Mar 2006 | Last revised: 06 Mar 2006

Overview

The Apple Safari WebKit component is vulnerable to a buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Description

Safari

Apple Safari is a web browser that comes with the Mac OS X operating system.

WebKit

According to Apple:

    WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications.
More information is available at the WebKit Project website.

The Problem

The Apple Safari WebKit component contains a heap-based buffer overflow. This vulnerability can be triggered by persuading a user to access a specially crafted web page with Safari.

Considerations

WebKit may be used in other Apple software including, but not limited to, Dashboard and Mail.

Impact

A remote attacker may be able to execute arbitrary code or crash any application using WebKit.

Solution

Install an update
This issue is corrected in Apple Security Update 2006-001.

Systems Affected

Vendor                 Status    Date Notified  Date Updated
Apple Computer, Inc.   Affected  -              03 Mar 2006
Nokia                  Unknown   06 Mar 2006    06 Mar 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This issue was reported in Apple Security Update 2006-001. Apple credits Suresec LTD with reporting this issue.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CVE-2005-4504
  • Date Public: 22 Dec 2005
  • Date First Published: 03 Mar 2006
  • Date Last Updated: 06 Mar 2006
  • Severity Metric: 17.21
  • Document Revision: 15
