OSVDB ID: 40665

Title: Apple Mac OS X WebCore Browser History Memory Corruption Unspecified Code Execution

Info

Disclosure

Nov 15, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Nov 15, 2007

Description

A memory corruption flaw exists in Mac OS X. Safari fails to validate requests related to browser history resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required, Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 10.4.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.	Mac OS X	10.4.3
		10.4.4
		10.4.1
		10.4.6
		10.4.8
		10.4.2
		10.4.10
		10.4.5
		10.4.7
		10.4.9
		10.4

References

Security Tracker: 1018948
CVE ID: 2007-4697 (see also: NVD)
Bugtraq ID: 26444
Secunia Advisory ID: 27643
ISS X-Force ID: 38483
Related OSVDB ID: 40661 40662 40663 40664 40666 40667 40668 40669 40670 40671 40672 40673 40674 40675 40676 40677 40678 40679 40680 40681 40682 40683 40684 40685 40686 40687 40688 40689 40690 40691 40693
VUPEN Advisory: ADV-2007-3868
Vendor Specific Advisory URL: http://docs.info.apple.com/article.html?artnum=307041
Mail List Post: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
CERT: TA07-319A

Credit

David Bloom -

Direct URL: http://osvdb.org/40665

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit