SECUNIA ADVISORY ID: SA29846

VERIFY ADVISORY: http://secunia.com/advisories/29846/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, DoS, System access

SOFTWARE:
Safari 3.x http://secunia.com/product/17989/
Safari for Windows 3.x http://secunia.com/product/17978/

DESCRIPTION: Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system. Successful exploitation may allow execution of arbitrary code e.g. when a user visits a malicious web page. The vulnerabilities are reported in versions prior to 3.1.1.

1) An error exists in the handling of URLs containing a colon character in the host name. This can be exploited to conduct cross-site scripting attacks when a specially crafted URL is opened.

2) An integer overflow error exists in WebKit's regular expression compiler in JavaScriptCore/pcre/pcre_compile.cpp. This can be exploited to cause a heap-based buffer overflow via specially crafted regular expressions with large, nested repetition counts.

SOLUTION: Update to version 3.1.1. - http://www.apple.com/support/downloads/safari311.html

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Robert Swiecki of Google Information Security Team and David Bloom
2) Charlie Miller, Jake Honoroff, and Mark Daniel

ORIGINAL ADVISORY:
Apple: http://support.apple.com/kb/HT1467
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-08-022/