Credit:
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=870
Vulnerable Systems:
* Google Chrome 3.0.195.38
* Google Chrome 4.0.249.78
* Safari 4.0.4 on Windows XP
* Safari 4.0.4 on OS X 10.5.8
* Safari prior to versions 4.1 and 5.0
The vulnerability occurs when a certain property of an HTML element with a caption is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker-controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code.
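The bug class described above, a dangling pointer that survives a "reset" of the object it refers to, is shown below as an added illustration. This is not WebKit's code and not part of the original advisory: the `Caption`, `RawObserver` and `WeakObserver` types are hypothetical stand-ins chosen only to contrast the vulnerable ownership pattern with a hardened one in which the observer can detect that the object is gone.

```cpp
#include <iostream>
#include <memory>

// Hypothetical stand-in for a polymorphic DOM object (added example, not WebKit code).
// Its first word in memory is the vtable pointer that a virtual call reads.
struct Caption {
    virtual ~Caption() = default;
    virtual int render() const { return 42; }
};

// Vulnerable pattern: an observer keeps a raw pointer to an object it does not own.
// When the owner resets (deletes) the caption, nothing informs the observer, so the
// pointer dangles. A later virtual call through it would read the vtable pointer out of
// freed memory, which is the condition the advisory describes.
struct RawObserver {
    Caption* caption = nullptr;
    // Deliberately never called below: dereferencing a freed object is undefined behaviour.
    int render_unchecked() const { return caption->render(); }
};

bool raw_observer_dangles_after_reset() {
    Caption* cap = new Caption();
    RawObserver obs{cap};
    delete cap;                      // the "reset": the owner frees the caption
    cap = nullptr;                   // the owner clears its own pointer; obs.caption is untouched
    return obs.caption != nullptr;   // true: the observer still holds the stale address
}

// Hardened pattern: the observer holds a weak reference and must lock() it before every use.
// If the owner has already reset the caption, lock() yields null and the call is skipped.
struct WeakObserver {
    std::weak_ptr<Caption> caption;
    int render_checked() const {
        if (auto live = caption.lock()) return live->render();
        return -1;   // caption is gone: no virtual dispatch through freed memory
    }
};

int weak_observer_render_before_reset() {
    auto cap = std::make_shared<Caption>();
    WeakObserver obs{cap};
    return obs.render_checked();     // 42
}

int weak_observer_render_after_reset() {
    auto cap = std::make_shared<Caption>();
    WeakObserver obs{cap};
    cap.reset();                     // the "reset": the last owner drops it, object is destroyed
    return obs.render_checked();     // -1
}

int main() {
    std::cout << "raw observer dangles after reset: " << raw_observer_dangles_after_reset() << "\n"
              << "weak observer before reset: " << weak_observer_render_before_reset() << "\n"
              << "weak observer after reset: " << weak_observer_render_after_reset() << "\n";
    return 0;
}
```

The raw-pointer variant only inspects the stale pointer value and never dereferences it; the point is that nothing in the observer can tell a live object from a freed one, which is exactly why the weak reference (or an explicit notification from the owner on reset) is the fix for this class of bug.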
Patch Availability:
Apple has released a fix which addresses this issue. Information about downloadable vendor updates can be found at the URL shown below.
http://www.apple.com/safari/download/
Workaround:
The vulnerability is present in the JavaScript engine, so disabling JavaScript is an effective workaround. This can be performed via the command line with Google Chrome, and the Preferences menu in Safari.
CVE Information:
CVE-2010-1400
Disclosure Timeline:
01/28/2010 Initial Vendor Notification
01/28/2010 Initial Vendor Reply
06/07/2010 Coordinated Public Disclosure