KLA10075
Multiple vulnerabilities in Apple Safari
Updated: 17/06/2019
Date of detection
25/07/2012
Threat level
Critical
Description

Multiple critical vulnerabilities have been found in Apple Safari. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information, inject code, bypass security restrictions, spoof user interfaces or read local files. Below is a complete list of vulnerabilities:

  1. Unknown vectors can be exploited via a specially designed web site;
  2. Improper handling of autocomplete can be exploited remotely by leveraging workstations;
  3. Uninitialized memory access can be exploited remotely via a specially designed web site;
  4. Incomplete blacklists can be exploited remotely via homoglyphs;
  5. Improper drag-n-drop handling can be exploited remotely via a specially designed web site;
  6. Improper CSS handling can be exploited remotely via a specially designed web site;
  7. CRLF injections can be exploited remotely via a specially designed web site;
  8. Improper ‘file:’ URL handling can be exploited remotely via a WebProcess compromise;
  9. XSS can be exploited remotely via a specially designed web site or ‘feed:’ URL;
  10. Unknown vectors can be exploited remotely via ‘feed:’ URLs.
Affected products

Apple Safari versions 5.1.7 and earlier

Solution

5.1.7 is the latest version for Windows and still contains these vulnerabilities. You can choose another browser to use.

Original advisories
Apple mailing list
Apple Safari 5.1.8
Impacts
OSI
DoS
CI
SB
RLF
SUI
Related products
Safari for Windows
CVE-IDS
CVE-2012-3691  5.8  High
CVE-2012-3690  4.3  Warning
CVE-2012-3626  9.3  Critical
CVE-2012-3627  9.3  Critical
CVE-2012-3636  9.3  Critical
CVE-2012-3653  9.3  Critical
CVE-2012-3655  9.3  Critical
CVE-2012-3656  9.3  Critical
CVE-2012-3615  9.3  Critical
CVE-2012-3693  5.0  Critical
CVE-2012-1520  9.3  Critical
CVE-2012-3609  9.3  Critical
CVE-2012-3650  4.3  Warning
CVE-2012-3593  9.3  Critical
CVE-2012-3589  9.3  Critical
CVE-2012-3603  9.3  Critical
CVE-2012-3605  9.3  Critical
CVE-2012-3604  9.3  Critical
CVE-2012-0680  5.0  Critical
CVE-2012-3667  9.3  Critical
CVE-2012-3696  4.3  Warning
CVE-2012-3694  4.3  Warning
CVE-2012-3695  4.3  Warning
CVE-2012-3629  9.3  Critical
CVE-2012-3640  9.3  Critical
CVE-2012-3608  9.3  Critical
CVE-2012-3599  9.3  Critical
CVE-2012-0678  4.3  Warning
CVE-2012-3635  9.3  Critical
CVE-2012-3634  9.3  Critical
CVE-2012-3625  9.3  Critical
CVE-2012-3645  9.3  Critical
CVE-2012-0683  9.3  Critical
CVE-2012-3663  9.3  Critical
CVE-2012-3596  9.3  Critical
CVE-2012-3594  9.3  Critical
CVE-2012-3620  9.3  Critical
CVE-2012-3611  9.3  Critical
CVE-2012-3670  9.3  Critical
CVE-2012-3597  9.3  Critical
CVE-2012-3600  9.3  Critical
CVE-2012-3633  9.3  Critical
CVE-2012-3678  9.3  Critical
CVE-2012-3679  9.3  Critical
CVE-2012-3628  9.3  Critical
CVE-2012-3637  9.3  Critical
CVE-2012-3674  9.3  Critical
CVE-2012-3639  9.3  Critical
CVE-2012-3610  9.3  Critical
CVE-2012-3618  9.3  Critical
CVE-2012-3591  9.3  Critical
CVE-2012-3592  9.3  Critical
CVE-2012-0679  4.3  Warning
CVE-2012-3641  9.3  Critical
CVE-2012-3595  9.3  Critical
CVE-2012-3697  7.1  High
CVE-2012-3638  9.3  Critical
CVE-2012-3590  8.8  Critical
CVE-2012-3689  5.8  High
CVE-2012-3661  9.3  Critical
CVE-2012-3631  9.3  Critical
CVE-2012-0682  9.3  Critical
CVE-2012-3668  9.3  Critical
CVE-2012-3669  9.3  Critical
CVE-2012-3664  9.3  Critical
CVE-2012-3665  9.3  Critical
CVE-2012-3666  9.3  Critical
CVE-2012-3683  9.3  Critical
CVE-2012-3646  9.3  Critical
CVE-2012-3686  9.3  Critical
CVE-2012-3642  9.3  Critical
CVE-2012-3630  9.3  Critical
CVE-2012-3644  9.3  Critical
CVE-2012-3682  9.3  Critical
CVE-2012-3680  9.3  Critical
CVE-2012-3681  9.3  Critical