iPolicy Networks Security Advisory
 

Apple Safari Malformed VML Data Remote Code Execution Vulnerability

Date Discovered: 03/29/2010
Severity: High
Operating Systems Affected: Apple iPhone OS 3.1.3 for iPod touch
Application Affected: Safari
Identifiers: CVE-2010-1179
Synopsis
Safari on Apple iPhone OS 3.1.3 for iPod touch is prone to a remote code execution vulnerability. An attacker could exploit it to execute arbitrary code on the affected system.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.apple.com/downloads/
Threat Analysis
A remote code execution vulnerability exists in Safari on Apple iPhone OS 3.1.3 for iPod touch. The vulnerability is caused by a large integer in the numcolors attribute of a recolorinfo element in a VML file.

A remote attacker may exploit this issue by persuading the user to visit a specially crafted web page, which can cause the Safari browser to freeze and finally crash. Successful exploits can allow an attacker to run arbitrary code in the context of the user running the application.
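
A content-inspection check for the condition described above, as an added example that is not part of the original advisory or any vendor signature: it scans markup for recolorinfo elements and flags numcolors values that are non-numeric, negative or above a bound. The MAX_NUMCOLORS bound, the function and class names, and the sample fragments are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: upper bound for a plausible colour count; tune to local content.
MAX_NUMCOLORS = 256

def classify(value):
    """Return a reason if a numcolors value is suspicious, else None."""
    match = re.fullmatch(r"([+-]?)([0-9]+)", (value or "").strip())
    if not match:
        return "not a decimal integer"
    if match.group(1) == "-":
        return "negative"
    digits = match.group(2).lstrip("0") or "0"
    # Length check first so an absurdly long digit run is never converted.
    if len(digits) > 9 or int(digits) > MAX_NUMCOLORS:
        return "exceeds MAX_NUMCOLORS"
    return None

class RecolorinfoScanner(HTMLParser):
    """Records (line, value, reason) for each suspicious recolorinfo element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names; ignore a namespace prefix such as "v:".
        if tag.rsplit(":", 1)[-1] != "recolorinfo":
            return
        for name, value in attrs:
            reason = classify(value) if name == "numcolors" else None
            if reason:
                self.findings.append((self.getpos()[0], value, reason))

def scan(markup):
    scanner = RecolorinfoScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings

# Constructed sample fragments, not captured traffic.
SAMPLE = (
    '<v:recolorinfo numcolors="16"></v:recolorinfo>\n'
    '<v:recolorinfo numcolors="2147483647"></v:recolorinfo>\n'
    '<V:RecolorInfo NumColors="abc"/>\n'
)

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```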
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1179

Write-up by: Anupam Kumar