Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23383
HistoryMar 15, 2010 - 12:00 a.m.

VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability

2010-03-1500:00:00
vulners.com
21

VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow
Vulnerability

http://www.vupen.com/english/research.php

I. BACKGROUND

"Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari.

The flaw is caused by an integer overflow error in ColorSync when
processing certain images with an embedded color profile, which
could be exploited by attackers to potentially execute arbitrary
code via a specially crafted web page.

III. AFFECTED PRODUCTS

Apple Safari versions prior to 4.0.5

IV. Exploits - PoCs & Binary Analysis

In-depth binary analysis of the vulnerability and a proof-of-concept
have been released by VUPEN through the VUPEN Binary Analysis
& Exploits Service :

http://www.vupen.com/exploits

V. SOLUTION

Upgrade to Apple Safari 4.0.5:
http://www.apple.com/safari/download/

VI. CREDIT

The vulnerability was discovered by Sebastien Renaud of VUPEN Security

VII. ABOUT VUPEN Security

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be
exploited, ensure security policy compliance and meaningfully measure
and manage risks.

VUPEN also provides in-depth binary analysis of vulnerabilities and
commercial-grade exploit codes to help security vendors, governments,
and corporations to evaluate and qualify risks, and protect their
infrastructures and assets.

  • VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services

  • VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/exploits

VIII. REFERENCES

http://www.vupen.com/english/advisories/2010/0599
http://support.apple.com/kb/HT4070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040

IX. DISCLOSURE TIMELINE

2009-12-03 - Vendor notified
2009-12-07 - Vendor response
2010-01-26 - Status update received
2010-03-04 - Status update received
2010-03-12 - Coordinated public Disclosure

Related for SECURITYVULNS:DOC:23383