Vulnerability Note VU#566132
Apple Mac OS X WebKit may allow code execution when visiting a malicious website
A vulnerability in Apple Mac OS X WebKit may allow an attacker to execute arbitrary code on an affected system.
From the OpenDarwin WebKit project description,
Per Apple, an attacker may be able to create a specially crafted HTML document that could cause a previously deallocated object to be accessed.
By convincing a user to view a specially crafted web page or HTML file, a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user or crash the program that opened the malicious document.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Apple Computer, Inc.||Affected||02 Aug 2006||02 Aug 2006|
CVSS Metrics (Learn More)
Thanks to Apple Product Security for reporting this vulnerability. Apple in turn thanks Jesse Ruderman of the Mozilla Corporation.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-3505
- Date Public: 01 Aug 2006
- Date First Published: 02 Aug 2006
- Date Last Updated: 02 Aug 2006
- Severity Metric: 1.64
- Document Revision: 29
If you have feedback, comments, or additional information about this vulnerability, please send us email.