Update Protection against Apple Safari CSS format Argument Handling Memory Corruption
| Check Point Reference: | CPAI-2010-131 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA38932 | |
| Industry Reference(s): | CVE-2010-0046 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apple Safari prior to 4.0.5 | ||
| Vulnerability Description A memory corruption vulnerability exists in Apple Safari, a web browsing application developed by Apple. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The vulnerability is due to an error while processing CSS format arguments. A remote attacker can exploit this vulnerability by convincing a target user to open a malicious web page with a vulnerable application. |
||
|
Update/Patch Available The vendor, Apple, has released an advisory addressing this vulnerability. |
|
|
Vulnerability Details The vulnerability is due to an error in a CSS function. The function incorrectly checks the type of the value being passed to the format parameter. Remote attackers could exploit this vulnerability by convincing the target user to view a malicious HTML document, which allows injection and execution of arbitrary code. |
Protection Overview
The protection will detect and block HTML documents containing malformed CSS statements.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.