{"vuid":"VU#905292","idnumber":"905292","name":"Apple Safari code execution vulnerability","keywords":["Apple","Safari","RSS","URLs","memory corruption","denial of service","DoS","arbitrary code execution","apple-2007-009"],"overview":"The Apple Safari web browser contains a vulnerability that may allow an attacker to execute arbitrary code.","clean_desc":"Per Apple Security Update 2007-009: A memory corruption issue exists in Safari's handling of feed: URLs. By enticing a user to access a maliciously crafted URL, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of feed: URLs and providing an error message in case of an invalid URL. This issue does not affect systems running Mac OS X 10.5 or later.","impact":"A remote unauthenticated attacker who can persuade a user to click on a malicious hyperlink may be able to execute arbitrary code. Note that per Apple Security Update 2007-009 this vulnerability only affects versions of Safari shipped with Mac OS X 10.4 and earlier.","resolution":"Update\nApple has released an update to address this issue.\nSee Apple Security Update 2007-009 for more information on obtaining updates.","workarounds":"","sysaffected":"","thanks":"Information available in About Security Update 2007-009 was used in this report.","author":"This document was written by Ryan Giobbi.","public":["http://docs.info.apple.com/article.html?artnum=307179"],"cveids":["CVE-2007-5859"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-12-18T13:16:39Z","publicdate":"2007-12-18T00:00:00Z","datefirstpublished":"2007-12-18T14:26:44Z","dateupdated":"2008-01-07T18:45:06Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"5","cam_exploitation":"0","cam_internetinfrastructure":"1","cam_population":"5","cam_impact":"18","cam_easeofexploitation":"19","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.8475","cam_scorecurrentwidelyknown":"13.46625","cam_scorecurrentwidelyknownexploited":"26.29125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":3.8475,"vulnote":null}