SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Apple Safari Vendors:   Apple Computer
(Apple Issues Fix for Safari on Windows) Mac OS X ImageIO TIFF and JPEG Processing Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021229
SecurityTracker URL:  http://securitytracker.com/id/1021229
CVE Reference:   CVE-2008-2332, CVE-2008-3608   (Links to External Site)
Date:  Nov 14 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 3.2
Description:   Two vulnerabilities were reported in Mac OS X ImageIO. A remote user can cause arbitrary code to be executed on the target user's system. Apple Safari for Windows is affected.

A remote user can create a specially crafted TIFF or JPEG file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Robert Swiecki of Google Security Team reported the TIFF file vulnerability.

Impact:   A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   Apple has issued a fixed version of Safari for Windows (3.2), which is affected by this vulnerability. The fix is available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 38be6fb56f20de8c312956cd0df40d39584bce53

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 6da9ca61479ce287cea476617253f6a93cbc6aa8

The vendor's advisory is available at:

http://support.apple.com/kb/HT3298

Vendor URL:  support.apple.com/kb/HT3298 (Links to External Site)
Cause:   Access control error
Underlying OS:   Windows (Vista), Windows (XP)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 16 2008 Mac OS X ImageIO TIFF and JPEG Processing Bugs Let Remote Users Execute Arbitrary Code



 Source Message Contents

Date:  Thu, 13 Nov 2008 23:38:17 -0500
Subject:  Apple Safari



http://support.apple.com/kb/HT3298

CVE-2008-2332
CVE-2008-3608
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC