Apple Safari 'window.parent.close()' Unspecified Remote Code Execution Vulnerability
BID:39990
Info
| Bugtraq ID: | 39990 |
| Class: | Unknown |
| CVE: | CVE-2010-1939 |
| Remote: | Yes |
| Local: | No |
| Published: | May 07 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | Krystian Kloskowski |
| Vulnerable: | Apple Safari 4.0.5 for Windows |
| Not Vulnerable: | |
Discussion
Apple Safari is prone to an unspecified remote code-execution vulnerability.
Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.
NOTE: To successfully exploit this issue, the browser pop-up blocker needs to be disabled. The pop-up blocker in Safari is enabled by default.
Apple Safari 4.0.5 running on Windows is vulnerable; other versions may be affected as well.
Exploit / POC
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References: