Secunia Advisory: SA29846
Release Date: 2008-04-17
Critical: Highly critical
Impact: Cross Site Scripting
DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Safari 3.x
Safari for Windows 3.x
CVE reference:
CVE-2008-1025 (Secunia mirror)
CVE-2008-1026 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.
1) An error exists in the handling of URLs containing a colon character in the host name. This can be exploited to conduct cross-site scripting attacks when a specially crafted URL is opened.
2) An integer overflow error exists in WebKit's regular expression compiler in JavaScriptCore/pcre/pcre_compile.cpp. This can be exploited to cause a heap-based buffer overflow via specially crafted regular expressions with large, nested repetition counts.
Successful exploitation may allow execution of arbitrary code e.g. when a user visits a malicious web page.
The vulnerabilities are reported in versions prior to 3.1.1.
Solution:
Update to version 3.1.1.
http://www.apple.com/support/downloads/safari311.html
Bollettino Sicurezza
Release Date: 2008-04-17
Critical: Highly critical
Impact: Cross Site Scripting
DoS
System access
Where: From remote
Solution Status: Vendor Patch
Software: Safari 3.x
Safari for Windows 3.x
CVE reference:
CVE-2008-1025 (Secunia mirror)
CVE-2008-1026 (Secunia mirror)
Description:
Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.
1) An error exists in the handling of URLs containing a colon character in the host name. This can be exploited to conduct cross-site scripting attacks when a specially crafted URL is opened.
2) An integer overflow error exists in WebKit's regular expression compiler in JavaScriptCore/pcre/pcre_compile.cpp. This can be exploited to cause a heap-based buffer overflow via specially crafted regular expressions with large, nested repetition counts.
Successful exploitation may allow execution of arbitrary code e.g. when a user visits a malicious web page.
The vulnerabilities are reported in versions prior to 3.1.1.
Solution:
Update to version 3.1.1.
http://www.apple.com/support/downloads/safari311.html
Bollettino Sicurezza