(Apple Issues Fix for Safari on Windows) Mac OS X ImageIO TIFF and JPEG Processing Bugs Let Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Web Browser) > Apple Safari

Vendors: Apple Computer

(Apple Issues Fix for Safari on Windows) Mac OS X ImageIO TIFF and JPEG Processing Bugs Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1021229

SecurityTracker URL: http://securitytracker.com/id/1021229

CVE Reference: CVE-2008-2332, CVE-2008-3608 (Links to External Site)

Date: Nov 14 2008

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Version(s): prior to 3.2

Description: Two vulnerabilities were reported in Mac OS X ImageIO. A remote user can cause arbitrary code to be executed on the target user's system. Apple Safari for Windows is affected.

A remote user can create a specially crafted TIFF or JPEG file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Robert Swiecki of Google Security Team reported the TIFF file vulnerability.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: Apple has issued a fixed version of Safari for Windows (3.2), which is affected by this vulnerability. The fix is available via the Apple Software Update application, or Apple's Safari download site at:

http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: 38be6fb56f20de8c312956cd0df40d39584bce53

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 6da9ca61479ce287cea476617253f6a93cbc6aa8

The vendor's advisory is available at:

http://support.apple.com/kb/HT3298

Vendor URL: support.apple.com/kb/HT3298 (Links to External Site)

Cause: Access control error

Underlying OS: Windows (Vista), Windows (XP)

Message History: This archive entry is a follow-up to the message listed below.

Mac OS X ImageIO TIFF and JPEG Processing Bugs Let Remote Users Execute Arbitrary Code

Source Message Contents

Date: Thu, 13 Nov 2008 23:38:17 -0500
Subject: Apple Safari



http://support.apple.com/kb/HT3298

CVE-2008-2332
CVE-2008-3608

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC