VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow
Vulnerability
http://www.vupen.com/english/research.php
"Safari is a web browser developed by Apple. As of February 2010,
Safari was the fourth most widely used browser, with 4.45% of the
worldwide usage share of web browsers according to Net Application."
VUPEN Vulnerability Research Team discovered a vulnerability in
Apple Safari.
The flaw is caused by an integer overflow error in ColorSync when
processing certain images with an embedded color profile, which
could be exploited by attackers to potentially execute arbitrary
code via a specially crafted web page.
Apple Safari versions prior to 4.0.5
In-depth binary analysis of the vulnerability and a proof-of-concept
have been released by VUPEN through the VUPEN Binary Analysis
& Exploits Service :
Upgrade to Apple Safari 4.0.5:
http://www.apple.com/safari/download/
The vulnerability was discovered by Sebastien Renaud of VUPEN Security
VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be
exploited, ensure security policy compliance and meaningfully measure
and manage risks.
VUPEN also provides in-depth binary analysis of vulnerabilities and
commercial-grade exploit codes to help security vendors, governments,
and corporations to evaluate and qualify risks, and protect their
infrastructures and assets.
http://www.vupen.com/english/services
http://www.vupen.com/english/advisories/2010/0599
http://support.apple.com/kb/HT4070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0040
2009-12-03 - Vendor notified
2009-12-07 - Vendor response
2010-01-26 - Status update received
2010-03-04 - Status update received
2010-03-12 - Coordinated public Disclosure