Published: 2006-08-02 21:04:00
Revised: 2017-07-19 21:32:21

[Original] WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.

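[CNNVD] Apple Mac OS Crafted HTML Document Denial of Service Vulnerability (CNNVD-200608-043)

        Apple Mac OS X is the operating system used on Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: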

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/o:apple:mac_os_x_server:10.3.9  Apple Mac OS X Server 10.3.9
cpe:/o:apple:mac_os_x_server:10.4.7  Apple Mac OS X Server 10.4.7
cpe:/o:apple:mac_os_x:10.3.9  Apple Mac OS X 10.3.9
cpe:/o:apple:mac_os_x:10.4.7  Apple Mac OS X 10.4.7

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BID  19289
(UNKNOWN)  VUPEN  ADV-2006-3101
(UNKNOWN)  XF  macosx-webkit-code-execution(28149)

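- Vulnerability Information

Apple Mac OS Crafted HTML Document Denial of Service Vulnerability
High risk  Insufficient information
2006-08-02 00:00:00 2006-08-09 00:00:00
        Apple Mac OS X is the operating system used on Apple's family of machines.
        The latest Mac OS X update fixes multiple vulnerabilities, as follows: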

- Advisories and Patches

        Apple Mac OS X Server 10.3.9
        Apple SecUpdSrvr2006-004Pan.dmg 1&platform=osx&method=sa/SecUpdSrvr2006-004Pan.dmg
        Apple Mac OS X 10.3.9
        Apple SecUpd2006-004Pan.dmg 1&platform=osx&method=sa/SecUpd2006-004Pan.dmg
        Apple Mac OS X 10.4.7
        Apple SecUpd2006-004Intel.dmg 1&platform=osx&method=sa/SecUpd2006-004Intel.dmg

- Vulnerability Information

Apple Mac OS X WebKit Malformed HTML Deallocated Object Access DoS
Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted web page is parsed by WebKit, which causes a previously deallocated object to be accessed. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

- Timeline

2006-07-14 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) to address this vulnerability.

- Related References

- Vulnerability Author