HTTP: Apple Safari Webkit libxslt Arbitrary File Creation
An arbitrary file creation vulnerability exists in Apple's Safari web browser. The vulnerability is due to the way Webkit processes XSL transformations. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could lead to the creation (or overwriting) of arbitrary files on the target system, and execution of arbitrary code in the context of the currently logged-in user.
Extended Description
WebKit is prone to a remote code-execution vulnerability. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will crash the application. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Affected Products
Apple iphone,Apple ios
Short Name
HTTP:STC:SAFARI:WEBKIT-LIBXSLT
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple Arbitrary CVE-2011-1774 Creation File Safari Webkit bid:48840 libxslt
Release Date
11/11/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Webkit_open_source_project
Suse
Apple
CVSS Score
8.8