Apple Safari 'feed:' URI Multiple Input Validation Vulnerabilities

Vulnerability cause
Input validation error
 
Affected systems
Apple Safari 3.2.2 for Windows
Apple Safari 3.1.2 for Windows
Apple Safari 3.1.2
Apple Safari 3.1.1 for Windows
Apple Safari 3.1.1
Apple Safari 3.0.4 Beta for Windows
Apple Safari 3.0.3
Apple Safari 3.0.2 Beta for Windows
Apple Safari 3.0.2 Beta
Apple Safari 3.0.1 Beta for Windows
Apple Safari 3.0.1 Beta
Apple Safari 4 Beta
Apple Safari 3.2
Apple Safari 3.1 for Windows
Apple Safari 3.1
Apple Safari 3 Beta for Windows
Apple Safari 3 Beta
Apple Safari 3
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.5
 
Unaffected systems
Apple Safari 3.2.3 for Windows
Apple Safari 3.2.3
Apple Mac OS X Server 10.5.7
Apple Mac OS X 10.5.7
 
Impact
A remote attacker can exploit the vulnerabilities to obtain sensitive information.
 
Conditions required for the attack
The attacker must construct a malicious web page and entice the user to visit it.
 
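Vulnerability information
Apple Mac OS is a BSD-based operating system.
Safari, which is included with Apple Mac OS, has multiple input validation issues in its handling of "feed:" URLs. A remote attacker can exploit the vulnerabilities by constructing a malicious "feed:" URL and enticing a user to visit it, which results in execution of arbitrary JavaScript.
Constructing a malicious web page and enticing the user to open it can trigger this vulnerability.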
 
Test method
 
Vendor solution
Upgrades:
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Safari 3.2
Apple Safari3.2.3Leo.dmg
Safari for Mac OS X v10.5.7
http://www.apple.com/safari/download/
Apple Safari3.2.3Ti.dmg
Safari for Mac OS X v10.4.11
http://www.apple.com/safari/download/
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.6
Apple MacOSXUpd10.5.7.dmg
http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpd10.5.7.dmg
http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
Apple Safari 3.2.2 for Windows
Apple SafariQuickTimeSetup.exe
Safari+QuickTime for Windows XP or Vista
http://www.apple.com/safari/download/
 
Vulnerability reported by
Billy Rios with Microsoft Vulnerability Research (MSVR) and Alfredo Melloni
