Apple Safari Webkit libxslt Arbitrary File Creation (CVE-2011-1774)
| Check Point Reference: | CPAI-2011-588 | |
| Date Published: | ||
| Severity: | ||
| Source: | Apple Advisory | |
| Industry Reference(s): | CVE-2011-1774 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apple Computer Safari prior to 5.0.6 | ||
| Vulnerability Description An arbitrary file creation vulnerability has been reported in Apple Safari. |
||
|
Vulnerability Details The vulnerability is due to insufficient restriction of the Webkit by Safari while performing an XSL transformation. A remote attacker may exploit this vulnerability by enticing a user to open a specially crafted web page with an affected version of Safari. Successful exploitation could allow an attacker to write or overwrite arbitrary files on the target machine. |
Protection Overview
This protection will detect and block attempts to open a malicious XSLT page.
In order for the protection to be activated, update your product to the latest update. For information on how to update , go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.