Kaspersky Threats

Дата обнаружения

25/07/2012

Уровень угрозы

Critical

Описание

Multiple critical vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, inject code, bypass security restrictions, spoof user interfaces or read local files. Below is a complete list of vulnerabilities

Unknown vectors can be exploited via a specially designed web site;
Improper handling of autocomoplete can be exploited remotely by leveraging workstations;
Uninitialized memory access can be exploited remotely via a specially designed web site;
Incomplete blacklists can be exploited remotely via homoglyphs;
Improper drag-n-drop handling can be exploited remotely via a specially designed web-site;
Improper CSS handling can be exploited remotely via a specially designed web site;
CRLF injections can be exploited remotely via a specially designed web site;
Improper ‘file:’ URL handling can be exploited remotely via a WebProcess compromise;
XSS can be exploited remotely via a specially designed web site or ‘feed:’ URL;
Unknown vectors can be exploited remotely via ‘feed:’ URLs.

Пораженные продукты

Apple Safari versions 5.1.7 and earlier

Решение

5.1.7 became latest version for windows, still containing this vulnerabilities. You can choose another browser to use.

Первичный источник обнаружения

Apple mailing list
Apple safari 5.1.8

Оказываемое влияние

?

OSI

[?]

DoS

[?]

CI

[?]

SB

[?]

RLF

[?]

SUI

[?]

Связанные продукты

Safari for Windows

CVE-IDS

Узнай статистику распространения уязвимостей в твоем регионе

Дата обнаружения	25/07/2012
Уровень угрозы	Critical
Описание	Multiple critical vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, inject code, bypass security restrictions, spoof user interfaces or read local files. Below is a complete list of vulnerabilities Unknown vectors can be exploited via a specially designed web site; Improper handling of autocomoplete can be exploited remotely by leveraging workstations; Uninitialized memory access can be exploited remotely via a specially designed web site; Incomplete blacklists can be exploited remotely via homoglyphs; Improper drag-n-drop handling can be exploited remotely via a specially designed web-site; Improper CSS handling can be exploited remotely via a specially designed web site; CRLF injections can be exploited remotely via a specially designed web site; Improper ‘file:’ URL handling can be exploited remotely via a WebProcess compromise; XSS can be exploited remotely via a specially designed web site or ‘feed:’ URL; Unknown vectors can be exploited remotely via ‘feed:’ URLs.
Пораженные продукты	Apple Safari versions 5.1.7 and earlier
Решение	5.1.7 became latest version for windows, still containing this vulnerabilities. You can choose another browser to use.
Первичный источник обнаружения	Apple mailing list Apple safari 5.1.8
Оказываемое влияние ?	OSI [?] DoS [?] CI [?] SB [?] RLF [?] SUI [?]
Связанные продукты	Safari for Windows
CVE-IDS	CVE-2012-36915.8High CVE-2012-36904.3Warning CVE-2012-36269.3Critical CVE-2012-36279.3Critical CVE-2012-36369.3Critical CVE-2012-36539.3Critical CVE-2012-36559.3Critical CVE-2012-36569.3Critical CVE-2012-36159.3Critical CVE-2012-36935.0Critical CVE-2012-15209.3Critical CVE-2012-36099.3Critical CVE-2012-36504.3Warning CVE-2012-35939.3Critical CVE-2012-35899.3Critical CVE-2012-36039.3Critical CVE-2012-36059.3Critical CVE-2012-36049.3Critical CVE-2012-06805.0Critical CVE-2012-36679.3Critical CVE-2012-36964.3Warning CVE-2012-36944.3Warning CVE-2012-36954.3Warning CVE-2012-36299.3Critical CVE-2012-36409.3Critical CVE-2012-36089.3Critical CVE-2012-35999.3Critical CVE-2012-06784.3Warning CVE-2012-36359.3Critical CVE-2012-36349.3Critical CVE-2012-36259.3Critical CVE-2012-36459.3Critical CVE-2012-06839.3Critical CVE-2012-36639.3Critical CVE-2012-35969.3Critical CVE-2012-35949.3Critical CVE-2012-36209.3Critical CVE-2012-36119.3Critical CVE-2012-36709.3Critical CVE-2012-35979.3Critical CVE-2012-36009.3Critical CVE-2012-36339.3Critical CVE-2012-36789.3Critical CVE-2012-36799.3Critical CVE-2012-36289.3Critical CVE-2012-36379.3Critical CVE-2012-36749.3Critical CVE-2012-36399.3Critical CVE-2012-36109.3Critical CVE-2012-36189.3Critical CVE-2012-35919.3Critical CVE-2012-35929.3Critical CVE-2012-06794.3Warning CVE-2012-36419.3Critical CVE-2012-35959.3Critical CVE-2012-36977.1High CVE-2012-36389.3Critical CVE-2012-35908.8Critical CVE-2012-36895.8High CVE-2012-36619.3Critical CVE-2012-36319.3Critical CVE-2012-06829.3Critical CVE-2012-36689.3Critical CVE-2012-36699.3Critical CVE-2012-36649.3Critical CVE-2012-36659.3Critical CVE-2012-36669.3Critical CVE-2012-36839.3Critical CVE-2012-36469.3Critical CVE-2012-36869.3Critical CVE-2012-36429.3Critical CVE-2012-36309.3Critical CVE-2012-36449.3Critical CVE-2012-36829.3Critical CVE-2012-36809.3Critical CVE-2012-36819.3Critical
	Узнай статистику распространения уязвимостей в твоем регионе

KLA10075Multiple vulnerabilities in Apple Safari

KLA10075
Multiple vulnerabilities in Apple Safari