Apple Safari window.open Function Remote Code Execution Vulnerability

Date Discovered: 05/13/2010
Severity: High
Operating Systems Affected: Microsoft Windows
Application Affected: Apple Safari 4.0.5
Identifiers: CVE-2010-1939

Synopsis
A remote code execution vulnerability has been identified in Apple Safari, which could be exploited by remote attackers to compromise a vulnerable system.

Recommended Actions
1.) Update antivirus and IDS/IPS signature definitions.
2.) Disable JavaScript in Apple Safari.

Threat Analysis
Apple Safari version 4.0.5 is prone to a use-after-free vulnerability that could allow remote code execution. The issue arises because the application fails to properly handle references to window objects: a window object can be deleted while references to it still exist.

A remote attacker can exploit this issue by using window.open to create a popup window for a crafted HTML page and then calling the parent window's close method.

Successful exploitation allows an attacker to run arbitrary code in the context of the user running the application. Failed attacks cause denial-of-service conditions.
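
The lifetime error described in the Threat Analysis, shown as an added example in C with one common fix (reference counting). This is a simplified model written for this page, not Safari or WebKit code; the Window struct and every function name are hypothetical.

```c
#include <stdlib.h>

/* Simplified model of a window object (assumption, not Safari's layout). */
typedef struct Window {
    int refs;               /* live references to this object */
    int closed;             /* set by close(); memory may still be in use */
    struct Window *opener;  /* reference a popup keeps to its parent */
} Window;

static int live_windows = 0;  /* allocations not yet freed */

/* Create a window; a popup takes a counted reference on its opener. */
Window *window_new(Window *opener) {
    Window *w = calloc(1, sizeof *w);
    if (!w) return NULL;
    w->refs = 1;
    if (opener) { opener->refs++; w->opener = opener; }
    live_windows++;
    return w;
}

/* Drop one reference; free only when the last holder lets go. */
void window_unref(Window *w) {
    if (!w || --w->refs > 0) return;
    window_unref(w->opener);
    live_windows--;
    free(w);
}

/* Unsafe pattern: close() that calls free(w) directly while a popup
 * still stores w in its opener field leaves that pointer dangling.
 * Safe form: mark the window closed and drop only the caller's reference. */
void window_close(Window *w) {
    w->closed = 1;
    window_unref(w);
}

/* What the popup observes when it looks at its opener. */
int opener_is_closed(const Window *popup) {
    return popup->opener ? popup->opener->closed : -1;
}

int demo(void) {
    Window *parent = window_new(NULL);
    Window *popup = parent ? window_new(parent) : NULL; /* models window.open */
    if (!popup) return -1;
    window_close(parent);                /* parent window's close method */
    int seen = opener_is_closed(popup);  /* still valid: popup holds a ref */
    window_close(popup);                 /* last reference frees both */
    return seen == 1 && live_windows == 0;
}

int main(void) { return demo() == 1 ? 0 : 1; }
```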