Vulnerabilities

WebKit in Apple Safari prior to 4.0 DDOS vulnerability (PC1-2009-1555)

Vulnerability chart	Risk level Low Medium High Extreme Severe Warning: security vulnerability level = severe 101 vulnerabilities(-y) found between 8 December, 2003 and 21 September, 2009. Safari is a web browser developed by Apple Inc. Apple Safari is the... more See also: Safari, The Apple Safari 1 files found: SAFARI.EXE... more WebKit in Apple Safari prior to 4.0 does not suitably cope with constant (aka const) declarations in a type-conversion operation throughout JavaScript exception handling.
Remote Access Yes, patch is available Patch is easy to implement

Description:	This lets remote attackers to execute arbitrary code or cause a denial of service that is memory corruption and application crash through a crafted HTML document.
Impact:	By this type of vulnerability, information can be unveiled and changes can be made without any authorization. Also, a service can be broken up.
Solution:	As often, in most cases like this, we recommend users to upgrade to the latest version of the software product (Apple Safari version 4).
References:	http://www.vupen.com/english/advisories/2009/1522 http://support.apple.com/kb/HT3613 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html http://www.securityfocus.com/bid/35260 http://securitytracker.com/id?1022345 http://secunia.com/advisories/35379

CVSS Severity		CVSS Version 2 Metrics:
CVSS v2 Base Score:	9.3 (HIGH)	Access Vector:	N/A
Impact Subscore:	10.0	Access Complexity:	Medium
Exploitability Subscore:	8.6	Authentication:	Not required to exploit
		Impact Type:	Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service