
CERT Coordination Center

Apple Safari WebKit component vulnerable to buffer overflow

Vulnerability Note VU#351217

Original Release Date: 2006-03-03 | Last Revised: 2006-03-06

Overview

The Apple Safari WebKit component is vulnerable to a buffer overflow. This may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition.

Description

Safari

Apple Safari is a web browser that comes with the Mac OS X operating system.

WebKit

According to Apple:

WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X for use in your applications.
More information is available at the WebKit Project website.

The Problem

The Apple Safari WebKit component contains a heap-based buffer overflow. This vulnerability can be triggered by persuading a user to access a specially crafted web page with Safari.

Considerations

WebKit may be used in other Apple software including, but not limited to, Dashboard and Mail.

Impact

A remote attacker may be able to execute arbitrary code or crash any application using WebKit.

Solution

Install an update
This issue is corrected in Apple Security Update 2006-001.

Acknowledgements

This issue was reported in Apple Security Update 2006-001. Apple credits Suresec LTD with reporting this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-4504
Severity Metric: 17.21
Date Public: 2005-12-22
Date First Published: 2006-03-03
Date Last Updated: 2006-03-06 16:15 UTC
Document Revision: 16

Sponsored by CISA.