cvelistv5 - CVE-2007-3758

CVE-2007-3758 (GCVE-0-2007-3758)

Vulnerability from cvelistv5

Published

2007-09-27 22:00

Modified

2024-08-07 14:28

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

fkie_cve-2007-3758

Vulnerability from fkie_nvd

Published

2007-09-27 22:17

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=306586
cve@mitre.org	http://docs.info.apple.com/article.html?artnum=307041
cve@mitre.org	http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
cve@mitre.org	http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html	Patch
cve@mitre.org	http://secunia.com/advisories/26983	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/27643	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1018752
cve@mitre.org	http://www.securityfocus.com/bid/25857
cve@mitre.org	http://www.securityfocus.com/bid/26444
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA07-319A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3287	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/3868	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/36857
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=306586
af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307041
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/26983	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27643	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1018752
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25857
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26444
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA07-319A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3287	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3868	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/36857

Impacted products

Vendor	Product	Version
apple	iphone_os	1.1.1
apple	safari	*
apple	mac_os_x	10.4
apple	mac_os_x	10.4.1
apple	mac_os_x	10.4.2
apple	mac_os_x	10.4.3
apple	mac_os_x	10.4.4
apple	mac_os_x	10.4.5
apple	mac_os_x	10.4.6
apple	mac_os_x	10.4.7
apple	mac_os_x	10.4.8
apple	mac_os_x	10.4.9
apple	mac_os_x	10.4.10
microsoft	windows_vista	*
microsoft	windows_xp	*
apple	safari	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27319629-171F-42AA-A95F-2D71F78097D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE370CAA-04B3-434E-BD5B-1D87DE596C10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0760FDDB-38D3-4263-9B4D-1AF5E613A4F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD4DE58-46C7-4E69-BF36-C5FD768B8248",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF824694-52DE-44E3-ACAD-60B2A84CD3CE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73A0891-A37A-4E0D-AA73-B18BFD6B1447",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26AC38AB-D689-4B2B-9DAE-F03F4DFD15BE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C580935-0091-4163-B747-750FB7686973",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB0F2132-8431-4CEF-9A3D-A69425E3834E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8719F3C4-F1DE-49B5-9301-22414A2B6F9C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "09ED46A8-1739-411C-8807-2A416BDB6DFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "786BB737-EA99-4EC6-B742-0C35BF2453F9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D089858-3AF9-4B82-912D-AA33F25E3715",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E61F1C9B-44AF-4B35-A7B2-948EEF7639BD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CB75258-E523-4F5A-BE8C-436CB4D68447",
              "versionEndIncluding": "3.0.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks."
    },
    {
      "lang": "es",
      "value": "Safari en Apple iPhone versi\u00f3n 1.1.1 y Safari versi\u00f3n 3 anterior a beta Update 3.0.4 en Windows y en Mac OS X versiones 10.4 hasta 10.4.10, permite a atacantes remotos ajustar las propiedades de ventana de Javascript para las p\u00e1ginas web que est\u00e1n en un dominio diferente, el cual puede ser aprovechado para conducir ataques de tipo cross-site scripting (XSS)."
    }
  ],
  "id": "CVE-2007-3758",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-09-27T22:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=306586"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://docs.info.apple.com/article.html?artnum=307041"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26983"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27643"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1018752"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25857"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26444"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3287"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3868"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=306586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307041"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26983"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1018752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25857"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26444"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/3868"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Apple Mac OS X CoreText contains an uninitialized pointer vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iPhone Mobile Safari Browser is prone to a vulnerability that allows attackers to bypass the same-origin policy. Attackers can exploit this issue to execute arbitrary JavaScript in the context of another domain. Versions prior to iPhone 1.1.1 are vulnerable. NOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details. Apple iPhone is a smart phone of Apple (Apple).

2003: 2,700 advisories published 2004: 3,100 advisories published 2005: 4,600 advisories published 2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter and structure all the information you need, so you can address issues effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions: http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv

TITLE: Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA27643

VERIFY ADVISORY: http://secunia.com/advisories/27643/

CRITICAL: Highly critical

IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, Privilege escalation, DoS, System access

WHERE:

From remote

OPERATING SYSTEM: Apple Macintosh OS X http://secunia.com/product/96/

DESCRIPTION: Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.

1) Multiple errors within the Adobe Flash Player plug-in can be exploited by malicious people to gain knowledge of sensitive information or compromise a user's system.

For more information: SA26027

2) A null-pointer dereference error exists within AppleRAID when handling disk images. This can be exploited to cause a system shutdown when a specially crafted disk image is mounted e.g. automatically via Safari if the option "Open 'safe' files after downloading" is enabled.

3) An error in BIND can be exploited by malicious people to poison the DNS cache.

For more information: SA26152

4) An error in bzip2 can be exploited to cause a DoS (Denial of Service).

For more information: SA15447

This also fixes a race condition when setting file permissions.

5) An unspecified error in the implementation of FTP of CFNetwork can be exploited by a malicious FTP server to cause the client to connect to other hosts by sending specially crafted replies to FTP PASV (passive) commands.

6) An unspecified error exists in the validation of certificates within CFNetwork. This can be exploited via a Man-in-the-Middle (MitM) attack to spoof a web site with a trusted certificate.

7) A null pointer dereference error in the CFNetwork framework can lead to an unexpected application termination when a vulnerable application connects to a malicious server.

8) A boundary error in CoreFoundation can be exploited to cause a one-byte buffer overflow when a user is enticed to read a specially crafted directory hierarchy.

Successful exploitation allows execution of arbitrary code.

9) An error exists in CoreText due to the use of an uninitialised pointer and can be exploited to execute arbitrary code when a user is tricked into reading a specially crafted text.

10) Some vulnerabilities in Kerberos can be exploited by malicious users and malicious people to compromise a vulnerable system.

For more information: SA26676

11) An error in the handling of the current Mach thread port or thread exception port in the Kernel can be exploited by a malicious, local user to execute arbitrary code with root privileges.

Successful exploitation requires permission to execute a setuid binary.

12) An unspecified error in the Kernel can be exploited to bypass the chroot mechanism by changing the working directory using a relative path.

13) An integer overflow error in the "i386_set_ldt" system call can be exploited by malicious, local users to execute arbitrary code with escalated privileges.

14) An error exists in the handling of standard file descriptors while executing setuid and setgid programs. This can be exploited by malicious, local users to gain system privileges by executing setuid programs with the standard file descriptors in an unexpected state.

15) An integer overflow exists in the Kernel when handling ioctl requests. This can be exploited to execute arbitrary code with system privileges by sending a specially crafted ioctl request.

16) The default configuration of tftpd allows clients to access any path on the system.

17) An error in the Node Information Query mechanism may allow a remote user to query for all addresses of a host, including link-local addresses.

18) An integer overflow exists in the handling of ASP messages with AppleTalk. This can be exploited by malicious, local users to cause a heap-based buffer overflow and to execute arbitrary code with system privileges by sending a maliciously crafted ASP message on an AppleTalk socket.

19) A double-free error in the handling of certain IPV6 packets can potentially be exploited to execute arbitrary code with system privileges.

20) A boundary error exists when adding a new AppleTalk zone. This can be exploited to cause a stack-based buffer overflow by sending a maliciously crafted ioctl request to an AppleTalk socket and allows execution of arbitrary code with system privileges.

21) An arithmetic error exists in AppleTalk when handling memory allocations. This can be exploited by malicious, local users to cause a heap-based buffer overflow and execute arbitrary code with system privileges by sending a maliciously crafted AppleTalk message.

22) A double free error in NFS exists when processing an AUTH_UNIX RPC call. This can be exploited by malicious people to execute arbitrary code by sending a maliciously crafted AUTH_UNIX RPC call via TCP or UDP.

23) An unspecified case-sensitivity error exists in NSURL when determining if a URL references the local file system.

24) A format string error in Safari can be exploited by malicious people to execute arbitrary code when a user is tricked into opening a .download file with a specially crafted name.

25) An implementation error exists in the tabbed browsing feature of Safari. If HTTP authentication is used by a site being loaded in a tab other than the active tab, an authentication sheet may be displayed although the tab and its corresponding page are not visible.

26) A person with physical access to a system may be able to bypass the screen saver authentication dialog by sending keystrokes to a process running behind the screen saver authentication dialog.

27) Safari does not block "file://" URLs when loading resources. This can be exploited to view the content of local files by enticing a user to visit a specially crafted web page.

28) An input validation error exists in WebCore when handling HTML forms. This can be exploited to alter the values of form fields by enticing a user to upload a specially crafted file.

29) A race condition error exists in Safari when handling page transitions. This can be exploited to obtain information entered in forms on other web sites by enticing a user to visit a malicious web page.

30) An unspecified error exists in the handling of the browser's history. This can be exploited to execute arbitrary code by enticing a user to visit a specially crafted web page. This can be exploited to get or set the window status and location of pages served from other websites by enticing a user to visit a specially crafted web page. This can be exploited to execute arbitrary HTML and script code in context of another site by enticing a user to visit a specially crafted web page.

33) An error in Safari allows content served over HTTP to alter or access content served over HTTPS in the same domain.

34) An error in Safari in the handling of new browser windows can be exploited to disclose the URL of an unrelated page.

For more information see vulnerability #2 in: SA23893

35) An error in WebKit may allow unauthorised applications to access private keys added to the keychain by Safari.

36) An unspecified error in Safari may allow a malicious website to send remotely specified data to arbitrary TCP ports.

37) WebKit/Safari creates temporary files insecurely when previewing a PDF file, which may allow a local user to access the file's content.

SOLUTION: Update to Mac OS X 10.4.11 or apply Security Update 2007-008.

Security Update 2007-008 (10.3.9 Client): http://www.apple.com/support/downloads/securityupdate20070081039client.html

Security Update 2007-008 (10.3.9 Server): http://www.apple.com/support/downloads/securityupdate20070081039server.html

Mac OS X 10.4.11 Combo Update (PPC): http://www.apple.com/support/downloads/macosx10411comboupdateppc.html

Mac OS X 10.4.11 Update (Intel): http://www.apple.com/support/downloads/macosx10411updateintel.html

Mac OS X 10.4.11 Combo Update (Intel): http://www.apple.com/support/downloads/macosx10411comboupdateintel.html

Mac OS X 10.4.11 Update (PPC): http://www.apple.com/support/downloads/macosx10411updateppc.html

Mac OS X Server 10.4.11 Update (Universal): http://www.apple.com/support/downloads/macosx10411updateppc.html

Mac OS X Server 10.4.11 Combo Update (Universal): http://www.apple.com/support/downloads/macosxserver10411comboupdateuniversal.html

Mac OS X Server 10.4.11 Update (PPC): http://www.apple.com/support/downloads/macosxserver10411updateppc.html

Mac OS X Server 10.4.11 Combo Update (PPC): http://www.apple.com/support/downloads/macosxserver10411comboupdateppc.html

PROVIDED AND/OR DISCOVERED BY: 2) The vendor credits Mark Tull, University of Hertfordshire and Joel Vink, Zetera Corporation. 5) The vendor credits Dr Bob Lopez PhD. 6) The vendor credits Marko Karppinen, Petteri Kamppuri, and Nikita Zhuk of MK&C. 9) Will Dormann, CERT/CC 11) An anonymous person, reported via iDefense Labs. 12) The vendor credits Johan Henselmans and Jesper Skov. 13) The vendor credits RISE Security. 14) The vendor credits Ilja van Sprundel. 15) The vendor credits Tobias Klein, www.trapkit.de 16) The vendor credits James P. Javery, Stratus Data Systems 17) The vendor credits Arnaud Ebalard, EADS Innovation Works. 18, 21) Sean Larsson, iDefense Labs 19) The vendor credits Bhavesh Davda of VMware and Brian "chort" Keefer of Tumbleweed Communications. 20) An anonymous person, reported via iDefense Labs. 22) The vendor credits Alan Newson of NGSSoftware, and Renaud Deraison of Tenable Network Security, Inc. 25) The vendor credits Michael Roitzsch, Technical University Dresden. 26) The vendor credits Faisal N. Jawdat 27) The vendor credits lixlpixel. 28) The vendor credits Bodo Ruskamp, Itchigo Communications GmbH. 29) The vendor credits Ryan Grisso, NetSuite. 30) The vendor credits David Bloom. 31, 32) The vendor credits Michal Zalewski, Google Inc. 33) The vendor credits Keigo Yamazaki of LAC Co. 36) The vendor credits Kostas G. Anagnostakis, Institute for Infocomm Research and Spiros Antonatos, FORTH-ICS 37) The vendor credits Jean-Luc Giraud, and Moritz Borgmann of ETH Zurich.

ORIGINAL ADVISORY: Apple: http://docs.info.apple.com/article.html?artnum=307041

US-CERT VU#498105: http://www.kb.cert.org/vuls/id/498105

iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628

OTHER REFERENCES: SA15447: http://secunia.com/advisories/15447/

SA23893: http://secunia.com/advisories/23893/

SA26027: http://secunia.com/advisories/26027/

SA26152: http://secunia.com/advisories/26152/

SA26676: http://secunia.com/advisories/26676/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

I. Further details are available in the related vulnerability notes.

II. Impact

The impacts of these vulnerabilities vary. Potential consequences include remote execution of arbitrary code or commands, bypass of security restrictions, and denial of service.

III. This and other updates are available via Apple Update or via Apple Downloads.

IV. Please send email to cert@cert.org with "TA07-319A Feedback VU#498105" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

November 15, 2007: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRzx7ZvRFkHkM87XOAQJfIQgAmTZfjJAY/QTweUmvZtOJ9JQ4e/Gj0sE9 OPSrK/SplP92WUL1Ucb8I/VUSQEXXJhNv9dTCMcy7IMpqhx4UxPA6fBKWDJ+nUFi sx/60EOAiIVW+yYK79VdoI1jrSs48E+CNdqEJCQcjUCVi29eGAdW63H2jOZV37/F 4iQBZYRqhiycZ9FS+S+9aRfMhfy8dEOr1UwIElq6X/tSwss1EKFSNrK5ktGifUtB AJ+LJVBt2yZOIApcGhsxC3LYUDrDfhqGLIVM2XBc1yuV7Y2gaH4g9Txe+fWK79X2 LYHvhv2xtgLweR12YC+0hT60wSdrDTM6ZW0//ny25LZ7Y7D46ogSWQ== =AgEr -----END PGP SIGNATURE----- .

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications.

2) The problem is that users are not notified about changes of mail servers' identities when Mail is configured to use SSL for incoming and outgoing connections. This can be exploited e.g. to impersonate the user's mail server and obtain the user's email credentials.

3) It is possible to cause the iPhone to call a phone number without user confirmation by enticing a user to follow a "tel:" link in a mail message. Exiting Safari during the confirmation process may result in unintentional confirmation.

7) Disabling Javascript in Safari does not take effect until Safari is restarted.

SOLUTION: Update to version 1.1.1 (downloadable and installable via iTunes).

PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Kevin Mahaffey and John Hering of Flexilis Mobile Security 3) Andi Baritchi, McAfee 4) Michal Zalewski, Google Inc. and Secunia Research 5) Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI Labs) and Eduardo Tang 6, 8) Michal Zalewski, Google Inc

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200709-0147",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apple computer",
        "version": null
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.10 version"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.4 to  v10.4.10 version"
      },
      {
        "model": "iphone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "apple",
        "version": "3 beta update 3.0.3"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.9"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apple",
        "version": "10.4.7"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari beta for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "iphone",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "1.1.1"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "BID",
        "id": "25857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:apple:iphone",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Michal Zalewski\u203b lcamtuf@echelon.pl",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2007-3758",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-3758",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-27120",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3758",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#498105",
            "trust": 0.8,
            "value": "7.76"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3758",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200709-417",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-27120",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. Apple Mac OS X CoreText contains an uninitialized pointer vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Apple iPhone Mobile Safari Browser is prone to a vulnerability that allows attackers to bypass the same-origin policy. \nAttackers can exploit this issue to execute arbitrary JavaScript in the context of another domain. \nVersions prior to iPhone 1.1.1 are vulnerable. \nNOTE: This issue was initially disclosed along with several other issues in BID 25834 (Apple iPhone 1.1.1 Update Multiple Security Vulnerabilities). Each issue has been assigned its own BID to better document the details. Apple iPhone is a smart phone of Apple (Apple). \n\n----------------------------------------------------------------------\n\n2003: 2,700 advisories published\n2004: 3,100 advisories published\n2005: 4,600 advisories published\n2006: 5,300 advisories published\n\nHow do you know which Secunia advisories are important to you?\n\nThe Secunia Vulnerability Intelligence Solutions allows you to filter\nand structure all the information you need, so you can address issues\neffectively. \n\nGet a free trial of the Secunia Vulnerability Intelligence Solutions:\nhttp://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Mac OS X Security Update Fixes Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA27643\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27643/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting, Spoofing, Exposure of\nsensitive information, Privilege escalation, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nApple Macintosh OS X\nhttp://secunia.com/product/96/\n\nDESCRIPTION:\nApple has issued a security update for Mac OS X, which fixes multiple\nvulnerabilities. \n\n1) Multiple errors within the Adobe Flash Player plug-in can be\nexploited by malicious people to gain knowledge of sensitive\ninformation or compromise a user\u0027s system. \n\nFor more information:\nSA26027\n\n2) A null-pointer dereference error exists within AppleRAID when\nhandling disk images. This can be exploited to cause a system\nshutdown when a specially crafted disk image is mounted e.g. \nautomatically via Safari if the option \"Open \u0027safe\u0027 files after\ndownloading\" is enabled. \n\n3) An error in BIND can be exploited by malicious people to poison\nthe DNS cache. \n\nFor more information:\nSA26152\n\n4) An error in bzip2 can be exploited to cause a DoS (Denial of\nService). \n\nFor more information:\nSA15447\n\nThis also fixes a race condition when setting file permissions. \n\n5) An unspecified error in the implementation of FTP of CFNetwork can\nbe exploited by a malicious FTP server to cause the client to connect\nto other hosts by sending specially crafted replies to FTP PASV\n(passive) commands. \n\n6) An unspecified error exists in the validation of certificates\nwithin CFNetwork. This can be exploited via a Man-in-the-Middle\n(MitM) attack to spoof a web site with a trusted certificate. \n\n7) A null pointer dereference error in the CFNetwork framework can\nlead to an unexpected application termination when a vulnerable\napplication connects to a malicious server. \n\n8) A boundary error in CoreFoundation can be exploited to cause a\none-byte buffer overflow when a user is enticed to read a specially\ncrafted directory hierarchy. \n\nSuccessful exploitation allows execution of arbitrary code. \n\n9) An error exists in CoreText due to the use of an uninitialised\npointer and can be exploited to execute arbitrary code when a user is\ntricked into reading a specially crafted text. \n\n10) Some vulnerabilities in Kerberos can be exploited by malicious\nusers and malicious people to compromise a vulnerable system. \n\nFor more information:\nSA26676\n\n11) An error in the handling of the current Mach thread port or\nthread exception port in the Kernel can be exploited by a malicious,\nlocal user to execute arbitrary code with root privileges. \n\nSuccessful exploitation requires permission to execute a setuid\nbinary. \n\n12) An unspecified error in the  Kernel can be exploited to bypass\nthe chroot mechanism by changing the working directory using a\nrelative path. \n\n13) An integer overflow error in the \"i386_set_ldt\" system call can\nbe exploited by malicious, local users to execute arbitrary code with\nescalated privileges. \n\n14) An error exists in the handling of standard file descriptors\nwhile executing setuid and setgid programs. This can be exploited by\nmalicious, local users to gain system privileges by executing setuid\nprograms with the standard file descriptors in an unexpected state. \n\n15) An integer overflow exists in the Kernel when handling ioctl\nrequests. This can be exploited to execute arbitrary code with system\nprivileges by sending a specially crafted ioctl request. \n\n16) The default configuration of tftpd allows clients to access any\npath on the system. \n\n17) An error in the Node Information Query mechanism may allow a\nremote user to query for all addresses of a host, including\nlink-local addresses. \n\n18) An integer overflow exists in the handling of ASP messages with\nAppleTalk. This can be exploited by malicious, local users to cause a\nheap-based buffer overflow and to execute arbitrary code with system\nprivileges by sending a maliciously crafted ASP message on an\nAppleTalk socket. \n\n19) A double-free error in the handling of certain IPV6 packets can\npotentially be exploited to execute arbitrary code with system\nprivileges. \n\n20) A boundary error exists when adding a new AppleTalk zone. This\ncan be exploited to cause a stack-based buffer overflow by sending a\nmaliciously crafted ioctl request to an AppleTalk socket and allows\nexecution of arbitrary code with system privileges. \n\n21) An arithmetic error exists in AppleTalk when handling memory\nallocations. This can be exploited by malicious, local users to cause\na heap-based buffer overflow and execute arbitrary code with system\nprivileges by sending a maliciously crafted AppleTalk message. \n\n22) A double free error in NFS exists when processing an AUTH_UNIX\nRPC call. This can be exploited by malicious people to execute\narbitrary code by sending a maliciously crafted AUTH_UNIX RPC call\nvia TCP or UDP. \n\n23) An unspecified case-sensitivity error exists in NSURL when\ndetermining if a URL references the local file system. \n\n24) A format string error in Safari can be exploited by malicious\npeople to execute arbitrary code when a user is tricked into opening\na .download file with a specially crafted name. \n\n25) An implementation error exists in the tabbed browsing feature of\nSafari. If HTTP authentication is used by a site being loaded in a\ntab other than the active tab, an authentication sheet may be\ndisplayed although the tab and its corresponding page are not\nvisible. \n\n26) A person with physical access to a system may be able to bypass\nthe screen saver authentication dialog by sending keystrokes to a\nprocess running behind the screen saver authentication dialog. \n\n27) Safari does not block \"file://\" URLs when loading resources. This\ncan be exploited to view the content of local files by enticing a user\nto visit a specially crafted web page. \n\n28) An input validation error exists in WebCore when handling HTML\nforms. This can be exploited to alter the values of form fields by\nenticing a user to upload a specially crafted file. \n\n29) A race condition error exists in Safari when handling page\ntransitions. This can be exploited to obtain information entered in\nforms on other web sites by enticing a user to visit a malicious web\npage. \n\n30) An unspecified error exists in the handling of the browser\u0027s\nhistory. This can be exploited to execute arbitrary code by enticing\na user to visit a specially crafted web page. This\ncan be exploited to get or set the window status and location of\npages served from other websites by enticing a user to visit a\nspecially crafted web page. This\ncan be exploited to execute arbitrary HTML and script code in context\nof another site by enticing a user to visit a specially crafted web\npage. \n\n33) An error in Safari allows content served over HTTP to alter or\naccess content served over HTTPS in the same domain. \n\n34) An error in Safari in the handling of new browser windows can be\nexploited to disclose the URL of an unrelated page. \n\nFor more information see vulnerability #2 in:\nSA23893\n\n35) An error in WebKit may allow unauthorised applications to access\nprivate keys added to the keychain by Safari. \n\n36) An unspecified error in Safari may allow a malicious website to\nsend remotely specified data to arbitrary TCP ports. \n\n37) WebKit/Safari creates temporary files insecurely when previewing\na PDF file, which may allow a local user to access the file\u0027s\ncontent. \n\nSOLUTION:\nUpdate to Mac OS X 10.4.11 or apply Security Update 2007-008. \n\nSecurity Update 2007-008 (10.3.9 Client):\nhttp://www.apple.com/support/downloads/securityupdate20070081039client.html\n\nSecurity Update 2007-008 (10.3.9 Server):\nhttp://www.apple.com/support/downloads/securityupdate20070081039server.html\n\nMac OS X 10.4.11 Combo Update (PPC):\nhttp://www.apple.com/support/downloads/macosx10411comboupdateppc.html\n\nMac OS X 10.4.11 Update (Intel):\nhttp://www.apple.com/support/downloads/macosx10411updateintel.html\n\nMac OS X 10.4.11 Combo Update (Intel):\nhttp://www.apple.com/support/downloads/macosx10411comboupdateintel.html\n\nMac OS X 10.4.11 Update (PPC):\nhttp://www.apple.com/support/downloads/macosx10411updateppc.html\n\nMac OS X Server 10.4.11 Update (Universal):\nhttp://www.apple.com/support/downloads/macosx10411updateppc.html\n\nMac OS X Server 10.4.11 Combo Update (Universal):\nhttp://www.apple.com/support/downloads/macosxserver10411comboupdateuniversal.html\n\nMac OS X Server 10.4.11 Update (PPC):\nhttp://www.apple.com/support/downloads/macosxserver10411updateppc.html\n\nMac OS X Server 10.4.11 Combo Update (PPC):\nhttp://www.apple.com/support/downloads/macosxserver10411comboupdateppc.html\n\nPROVIDED AND/OR DISCOVERED BY:\n2) The vendor credits Mark Tull, University of Hertfordshire and Joel\nVink, Zetera Corporation. \n5) The vendor credits Dr Bob Lopez PhD. \n6) The vendor credits Marko Karppinen, Petteri Kamppuri, and Nikita\nZhuk of MK\u0026C. \n9) Will Dormann, CERT/CC\n11) An anonymous person, reported via iDefense Labs. \n12) The vendor credits Johan Henselmans and Jesper Skov. \n13) The vendor credits RISE Security. \n14) The vendor credits Ilja van Sprundel. \n15) The vendor credits Tobias Klein, www.trapkit.de\n16) The vendor credits James P. Javery, Stratus Data Systems\n17) The vendor credits Arnaud Ebalard, EADS Innovation Works. \n18, 21) Sean Larsson, iDefense Labs\n19) The vendor credits Bhavesh Davda of VMware and Brian \"chort\"\nKeefer of Tumbleweed Communications. \n20) An anonymous person, reported via iDefense Labs. \n22) The vendor credits Alan Newson of NGSSoftware, and Renaud\nDeraison of Tenable Network Security, Inc. \n25) The vendor credits Michael Roitzsch, Technical University\nDresden. \n26) The vendor credits Faisal N. Jawdat\n27) The vendor credits lixlpixel. \n28) The vendor credits Bodo Ruskamp, Itchigo Communications GmbH. \n29) The vendor credits Ryan Grisso, NetSuite. \n30) The vendor credits David Bloom. \n31, 32) The vendor credits Michal Zalewski,  Google Inc. \n33) The vendor credits Keigo Yamazaki of LAC Co. \n36) The vendor credits Kostas G. Anagnostakis, Institute for Infocomm\nResearch and Spiros Antonatos, FORTH-ICS\n37) The vendor credits Jean-Luc Giraud, and Moritz Borgmann of ETH\nZurich. \n\nORIGINAL ADVISORY:\nApple:\nhttp://docs.info.apple.com/article.html?artnum=307041\n\nUS-CERT VU#498105:\nhttp://www.kb.cert.org/vuls/id/498105\n\niDefense Labs:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628\n\nOTHER REFERENCES:\nSA15447:\nhttp://secunia.com/advisories/15447/\n\nSA23893:\nhttp://secunia.com/advisories/23893/\n\nSA26027:\nhttp://secunia.com/advisories/26027/\n\nSA26152:\nhttp://secunia.com/advisories/26152/\n\nSA26676:\nhttp://secunia.com/advisories/26676/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n\nI. Further\n   details are available in the related vulnerability notes. \n\n\nII. Impact\n\n   The impacts of these vulnerabilities vary. Potential consequences\n   include remote execution of arbitrary code or commands, bypass of\n   security restrictions, and denial of service. \n\n\nIII. This and\n   other updates are available via Apple Update or via Apple Downloads. \n\n\nIV. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-319A Feedback VU#498105\" in the\n   subject. \n ____________________________________________________________________\n\n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\nRevision History\n\n   November 15, 2007: Initial release\n\n\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRzx7ZvRFkHkM87XOAQJfIQgAmTZfjJAY/QTweUmvZtOJ9JQ4e/Gj0sE9\nOPSrK/SplP92WUL1Ucb8I/VUSQEXXJhNv9dTCMcy7IMpqhx4UxPA6fBKWDJ+nUFi\nsx/60EOAiIVW+yYK79VdoI1jrSs48E+CNdqEJCQcjUCVi29eGAdW63H2jOZV37/F\n4iQBZYRqhiycZ9FS+S+9aRfMhfy8dEOr1UwIElq6X/tSwss1EKFSNrK5ktGifUtB\nAJ+LJVBt2yZOIApcGhsxC3LYUDrDfhqGLIVM2XBc1yuV7Y2gaH4g9Txe+fWK79X2\nLYHvhv2xtgLweR12YC+0hT60wSdrDTM6ZW0//ny25LZ7Y7D46ogSWQ==\n=AgEr\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\n2) The problem is that users are not notified about changes of mail\nservers\u0027 identities when Mail is configured to use SSL for incoming\nand outgoing connections. This can be exploited e.g. to impersonate\nthe user\u0027s mail server and obtain the user\u0027s email credentials. \n\n3) It is possible to cause the iPhone to call a phone number without\nuser confirmation by enticing a user to follow a \"tel:\" link in a\nmail message. Exiting Safari during the\nconfirmation process may result in unintentional confirmation. \n\n7) Disabling Javascript in Safari does not take effect until Safari\nis restarted. \n\nSOLUTION:\nUpdate to version 1.1.1 (downloadable and installable via iTunes). \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Kevin Mahaffey and John Hering of Flexilis Mobile Security\n3) Andi Baritchi, McAfee\n4) Michal Zalewski, Google Inc. and Secunia Research\n5) Billy Hoffman and Bryan Sullivan of HP Security Labs (formerly SPI\nLabs) and Eduardo Tang\n6, 8) Michal Zalewski, Google Inc",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      },
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "BID",
        "id": "25857"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "PACKETSTORM",
        "id": "60958"
      },
      {
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "db": "PACKETSTORM",
        "id": "59671"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "25857",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "27643",
        "trust": 2.7
      },
      {
        "db": "SECUNIA",
        "id": "26983",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1018752",
        "trust": 2.5
      },
      {
        "db": "USCERT",
        "id": "TA07-319A",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "26444",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3287",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-3868",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#498105",
        "trust": 0.9
      },
      {
        "db": "XF",
        "id": "36857",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "60958",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "60987",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "59671",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "BID",
        "id": "25857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "PACKETSTORM",
        "id": "60958"
      },
      {
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "db": "PACKETSTORM",
        "id": "59671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "id": "VAR-200709-0147",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:15:09.071000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iPhone 1.1.1 Update",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=306586-en"
      },
      {
        "title": "Security Update 2007-008",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307041-en"
      },
      {
        "title": "Safari 3 Beta Update 3.0.4",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307038-en"
      },
      {
        "title": "iPhone 1.1.1 Update",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=306586-ja"
      },
      {
        "title": "Security Update 2007-008",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307041-ja"
      },
      {
        "title": "Safari 3 Beta Update 3.0.4",
        "trust": 0.8,
        "url": "http://docs.info.apple.com/article.html?artnum=307038-ja"
      },
      {
        "title": "Apple Safari Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203156"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://docs.info.apple.com/article.html?artnum=307041"
      },
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/25857"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1018752"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/26983"
      },
      {
        "trust": 2.1,
        "url": "http://docs.info.apple.com/article.html?artnum=306586"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/sep/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2007/nov/msg00003.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/26444"
      },
      {
        "trust": 1.7,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-319a.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/27643"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/3287"
      },
      {
        "trust": 1.7,
        "url": "http://www.vupen.com/english/advisories/2007/3868"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/27643/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3758"
      },
      {
        "trust": 0.8,
        "url": "http://www.frsirt.com/english/advisories/2007/3287"
      },
      {
        "trust": 0.8,
        "url": "http://xforce.iss.net/xforce/xfdb/36857"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2007-3758"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/iphone/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/advisories/23893/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26027/"
      },
      {
        "trust": 0.1,
        "url": "https://www.trapkit.de"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx10411comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/38/vi/?ref=secadv"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver10411comboupdateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver10411updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=629"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx10411comboupdateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26676/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx10411updateintel.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=628"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosxserver10411comboupdateuniversal.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/15447/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=630"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/498105"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/macosx10411updateppc.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070081039server.html"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=627"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26152/"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/securityupdate20070081039client.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/96/"
      },
      {
        "trust": 0.1,
        "url": "http://www.isc.org/sw/bind/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.adobe.com/products/flashplayer/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-319a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=apple_2007_008\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=307041\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.bzip.org/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://web.mit.edu/kerberos/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://docs.info.apple.com/article.html?artnum=106704\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15128/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/26983/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "BID",
        "id": "25857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "PACKETSTORM",
        "id": "60958"
      },
      {
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "db": "PACKETSTORM",
        "id": "59671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "db": "BID",
        "id": "25857"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "db": "PACKETSTORM",
        "id": "60958"
      },
      {
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "db": "PACKETSTORM",
        "id": "59671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "date": "2007-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "date": "2007-09-27T00:00:00",
        "db": "BID",
        "id": "25857"
      },
      {
        "date": "2007-10-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "date": "2007-11-16T07:06:08",
        "db": "PACKETSTORM",
        "id": "60958"
      },
      {
        "date": "2007-11-16T07:24:07",
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "date": "2007-09-29T21:23:54",
        "db": "PACKETSTORM",
        "id": "59671"
      },
      {
        "date": "2007-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "date": "2007-09-27T22:17:00",
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-11-15T00:00:00",
        "db": "CERT/CC",
        "id": "VU#498105"
      },
      {
        "date": "2017-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-27120"
      },
      {
        "date": "2007-11-15T00:40:00",
        "db": "BID",
        "id": "25857"
      },
      {
        "date": "2007-12-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-000723"
      },
      {
        "date": "2022-08-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      },
      {
        "date": "2024-11-21T00:33:59.833000",
        "db": "NVD",
        "id": "CVE-2007-3758"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "60987"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Mac OS X CoreText uninitialized pointer vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#498105"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "59671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200709-417"
      }
    ],
    "trust": 0.7
  }
}

ghsa-xp89-62wf-p429

Vulnerability from github

Published

2022-05-01 18:16

Modified

2022-05-01 18:16

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-3758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-09-27T22:17:00Z",
    "severity": "MODERATE"
  },
  "details": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.",
  "id": "GHSA-xp89-62wf-p429",
  "modified": "2022-05-01T18:16:56Z",
  "published": "2022-05-01T18:16:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-3758"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=306586"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307041"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/26983"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27643"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1018752"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25857"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26444"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3287"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3868"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2007-AVI-499

Vulnerability from certfr_avis

None

Description

De très nombreuses vulnérabilités touchent les systèmes d'exploitation Mac OS X. L'exploitation de ces vulnérabilités permettent à une personne mal intentionnée d'exécuter des actions diverses, dont l'exécution de code arbitraire à distance.

Solution

Utiliser la mise à jour automatique ou se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple Mac OS X version 10.3.9 et versions antérieures ;
Apple	N/A	Apple Mac OS X Server version 10.3.9 et versions antérieures ;
Apple	N/A	Apple Mac OS X Server version 10.4.10 et versions antérieures ;
Apple	N/A	Apple Mac OS X version 10.4.10 et versions antérieures ;

References

Title

Publication Time

gsd-2007-3758

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-3758

Aliases

CVE-2007-3758

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-3758",
    "description": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.",
    "id": "GSD-2007-3758"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-3758"
      ],
      "details": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks.",
      "id": "GSD-2007-3758",
      "modified": "2023-12-13T01:21:42.014844Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-3758",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "iphone-window-security-bypass(36857)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
          },
          {
            "name": "APPLE-SA-2007-09-27",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=306586",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=306586"
          },
          {
            "name": "25857",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25857"
          },
          {
            "name": "26444",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26444"
          },
          {
            "name": "APPLE-SA-2007-11-14",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307041",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307041"
          },
          {
            "name": "26983",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/26983"
          },
          {
            "name": "ADV-2007-3868",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3868"
          },
          {
            "name": "ADV-2007-3287",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3287"
          },
          {
            "name": "27643",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27643"
          },
          {
            "name": "TA07-319A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
          },
          {
            "name": "1018752",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1018752"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:iphone_os:1.1.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.3",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-3758"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2007-09-27",
              "refsource": "APPLE",
              "tags": [
                "Patch"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2007/Sep/msg00001.html"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=306586",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=306586"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307041",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307041"
            },
            {
              "name": "APPLE-SA-2007-11-14",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html"
            },
            {
              "name": "TA07-319A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-319A.html"
            },
            {
              "name": "25857",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25857"
            },
            {
              "name": "26444",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26444"
            },
            {
              "name": "1018752",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1018752"
            },
            {
              "name": "26983",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/26983"
            },
            {
              "name": "27643",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27643"
            },
            {
              "name": "ADV-2007-3868",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3868"
            },
            {
              "name": "ADV-2007-3287",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3287"
            },
            {
              "name": "iphone-window-security-bypass(36857)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36857"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2022-08-09T13:46Z",
      "publishedDate": "2007-09-27T22:17Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3758 (GCVE-0-2007-3758)

Vulnerability from cvelistv5

fkie_cve-2007-3758

Vulnerability from fkie_nvd

var-200709-0147

Vulnerability from variot

ghsa-xp89-62wf-p429

Vulnerability from github

CERTA-2007-AVI-499

Vulnerability from certfr_avis

Description

Solution

gsd-2007-3758

Vulnerability from gsd

Tags

Sightings

Nomenclature