Soluzioni per la vulnerabilità
 |
scansioni aggiunte negli ultimi 7 giorni |
| La Scansione Vulnerabilità periodica di Nimsoft Cloud Monitor verifica le vulnerabilità riportate qui sotto. Per visualizzare le soluzioni per la vulnerabilità più recenti scansionate da WatchMouse, visitare la pagina sulla panoramica delle Soluzioni per la vulnerabilità |
| Categoria: Windows | Fattore di rischio: High | Aggiunto il: 13 mar 2010 |
| Synopsis: The remote host contains a web browser that is affected by several vulnerabilities. Description: The version of Safari installed on the remote Windows host is earlier than 4.0.5. Such versions are potentially affected by several issues : - A buffer underflow in ImageIO's handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2009-2285) - An integer overflow in the handling of images with an embedded color profile could lead to a crash or arbitrary code execution. (CVE-2010-0040) - An uninitialized memory access issue in ImageIO's handling of BMP images could result in sending of data from Safari's memory to a website. (CVE-2010-0041) - An uninitialized memory access issue in ImageIO's handling of TIFF images could result in sending of data from Safari's memory to a website. (CVE-2010-0042) - A memory corruption issue in the handling of TIFF images could lead to a crash or arbitrary code execution. (CVE-2010-0043) - An implementation issue in the handling of cookies set by RSS and Atom feeds could result in a cookie being set when visiting or updating a feed even if Safari is configured to block cookies via the 'Accept Cookies' preference. (CVE-2010-0044) - An issue in Safari's handling of external URL schemes could cause a local file to be opened in response to a URL encountered on a web page, which could allow a malicious web server to execute arbitrary code. (CVE-2010-0045) - A memory corruption issue in WebKit's handling of CSS format() arguments could lead to a crash or arbitrary code execution. (CVE-2010-0046) - A use-after-free issue in the handling of HTML object element fallback content could lead to a crash or arbitrary code execution. (CVE-2010-0047) - A use-after-free issue in WebKit's parsing of XML documents could lead to a crash or arbitrary code execution. (CVE-2010-0048) - A use-after-free issue in the handling of HTML elements containing right-to-left displayed text could lead to a crash or arbitrary code execution. (CVE-2010-0049) - A use-after-free issue in WebKit's handling of incorrectly nested HTML tags could lead to a crash or arbitrary code execution. (CVE-2010-0050) - An implementation issue in WebKit's handling of cross- origin stylesheet requests when visiting a malicious website could result in disclosure of the content of protected resources on another website. (CVE-2010-0051) - A use-after-free issue in WebKit's handling of callbacks for HTML elements could lead to a crash or arbitrary code execution. (CVE-2010-0052) - A use-after-free issue in the rendering of content with a CSS display property set to 'run-in' could lead to a crash or arbitrary code execution. (CVE-2010-0053) - A use-after-free issue in WebKit's handling of HTML image elements could lead to a crash or arbitrary code execution. (CVE-2010-0054) See also: http://support.apple.com/kb/HT4070 http://lists.apple.com/archives/security-announce/2010/mar/msg00000.html http://www.securityfocus.com/advisories/19255 Solution: Upgrade to Safari 4.0.5 or later. Risk factor: High / CVSS Base Score : 9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C) |
||
