Apple Safari up to 5.1.7 WebKit buffer overflow

VulDB: Apple Safari up to 5.1.7 WebKit buffer overflow

General

Apple

scipID: 5828
Affected: Apple Safari up to 5.1.7
Published: 07/25/2012 (Martin Barbella)
Risk: critical
Entry: 90.3% complete
Created: 08/03/2012
Updated: 09/03/2012

Summary

A vulnerability, which was classified as critical, has been found in Apple Safari up to 5.1.7. Affected by this issue is an unknown function of the component WebKit. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.

The weakness was presented 07/25/2012 by Martin Barbella with Google Chrome Security Team as HT5400 as knowledge base article (Apple Security Announce). The advisory is shared for download at support.apple.com. The public release was coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2012-3636 since 06/19/2012. The exploitability is known to be difficult. The attack may be launched remotely. No form of authentication is required for exploitation. Technical details are unknown but a private exploit is available.

The real existence of this vulnerability is still doubted at the moment.

Upgrading to version 6 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84171) and Secunia (SA50058).