Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:STC:SAFARI:WEBKIT-LIBXSLT

Severity

 High

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Apple Safari Webkit libxslt Arbitrary File Creation

Release Date

 2011/11/11

Update Number

 2029

Supported Platforms

 idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apple Safari Webkit libxslt Arbitrary File Creation


An arbitrary file creation vulnerability exists in Apple's Safari web browser. The vulnerability is due to the way Webkit processes XSL transformations. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted web page. Successful exploitation could lead to the creation (or overwriting) of arbitrary files on the target system, and execution of arbitrary code in the context of the currently logged-in user.

Extended Description

WebKit is prone to a remote code-execution vulnerability. Attackers may exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will crash the application. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it.

Affected Products

  • Apple iOS 4
  • Apple iOS 4.0.1
  • Apple iOS 4.0.2
  • Apple iOS 4.1
  • Apple iOS 4.2
  • Apple iOS 4.2.1
  • Apple iOS 4.2.10
  • Apple iOS 4.2.5
  • Apple iOS 4.2.6
  • Apple iOS 4.2.7
  • Apple iOS 4.2.8
  • Apple iOS 4.2.9
  • Apple iOS 4.2 beta
  • Apple iOS 4.3
  • Apple iOS 4.3.1
  • Apple iOS 4.3.2
  • Apple iOS 4.3.3
  • Apple iOS 4.3.4
  • Apple iOS 4.3.5
  • Apple iPad
  • Apple iPhone
  • Apple iPod Touch
  • Apple iTunes 10
  • Apple iTunes 10.1
  • Apple iTunes 10.2
  • Apple iTunes 10.2.2
  • Apple iTunes 8.0
  • Apple iTunes 8.0.0
  • Apple iTunes 8.0.0 - Windows
  • Apple iTunes 8.0.1
  • Apple iTunes 8.0.2.20
  • Apple iTunes 8.1
  • Apple iTunes 8.2
  • Apple iTunes 9.0.0
  • Apple iTunes 9.0.1
  • Apple iTunes 9.0.1.8
  • Apple iTunes 9.0.2
  • Apple iTunes 9.1
  • Apple iTunes 9.2
  • Apple iTunes 9.2.1
  • Apple iTunes
  • Apple Safari 4.0
  • Apple Safari 4.0.1
  • Apple Safari 4.0.2
  • Apple Safari 4.0.2 For Windows
  • Apple Safari 4.0.3
  • Apple Safari 4.0.3 For Windows
  • Apple Safari 4.0.4
  • Apple Safari 4.0.4 For Windows
  • Apple Safari 4.0.5
  • Apple Safari 4.0.5 For Windows
  • Apple Safari 4.0 Beta
  • Apple Safari 4.1
  • Apple Safari 4.1.1
  • Apple Safari 4.1.2
  • Apple Safari 4.1.2 for Windows
  • Apple Safari 4.1.3
  • Apple Safari 4.1.3 for Windows
  • Apple Safari 5.0
  • Apple Safari 5.0.1
  • Apple Safari 5.0.1 for Windows
  • Apple Safari 5.0.2
  • Apple Safari 5.0.2 for Windows
  • Apple Safari 5.0.3
  • Apple Safari 5.0.3 for Windows
  • Apple Safari 5.0.4
  • Apple Safari 5.0.4 for Windows
  • Apple Safari 5.0.5
  • Apple Safari 5.0.5 for Windows
  • Apple Safari 5.0 For Windows
  • SuSE SUSE Linux Enterprise Desktop 11 SP1
  • SuSE SUSE Linux Enterprise SDK 11 SP1
  • WebKit Open Source Project WebKit

References

  • BugTraq: 48840
  • CVE: CVE-2011-1774

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out