HTTP: Apple Safari WebKit Rendering Counter Code Execution

This signature detects attempts to exploit a known vulnerability in Apple Safari's WebKit. The vulnerability is due to an error in WebKit's support for generated content. When generated content is used on an element, the vulnerable code inserts multiple references to the generated element. When the generated page is destroyed, the vulnerable application navigates through those references to discover more elements to destroy. Remote attackers can exploit this by enticing the target user to open a maliciously crafted Web page. A successful attack can result in execution of arbitrary code within the security context of the current user. An unsuccessful attempt terminates the affected application abnormally.

Extended Description

WebKit is prone to a remote memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary code in the context of the user running the affected application. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. NOTE: This issue was previously covered in BID 42020 (Apple Safari Prior to 5.0.1 and 4.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it.

Affected Products

Apple ipod_touch, Google chrome

References

BugTraq: 42036

CVE: CVE-2010-1784

Short Name
HTTP:STC:SAFARI:WEBKIT-RENDER
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2010-1784 Code Counter Execution Rendering Safari WebKit bid:42036
Release Date
12/22/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Red_hat

Webkit_open_source_project

Suse

Apple

Google

Ubuntu

Mandriva

CVSS Score

9.3
