Remote exploitation of a memory corruption vulnerability in WebKit, as
included with multiple vendors' browsers, could allow an attacker to
execute arbitrary code with the privileges of the current user.
Scalable Vector Graphics (SVG) is an XML-based file format used to
describe two-dimensional vector graphics. It defines both a markup
language and a JavaScript interface.
When parsing a series of SVG tags, and then manipulating them via
JavaScript, Safari fails to handle exceptional conditions. It is
http://securethoughts.com/security/chromelocalfilexss/chromedownload.php?fname=WATCHMENAKED.mhtml
2. The SVG (Scalable Vector Graphics) file is a registered extension in some
Safari versions and hence an SVG file gets automatically opened in Safari. If
you ever had an older version of Safari on your computer, this extension
will most probably be there in your registry. Hence, it does not matter what
your current version of Safari is (and you may very well be using the latest
version of Safari). So the exploit works like this:
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2007-5503
Peter Valchev (Google Security) discovered a series of integer
overflow weaknesses in Cairo, a vector graphics rendering library used
by many other applications. If an application uses Cairo to render a
maliciously crafted PNG image, the vulnerability allows the execution
of arbitrary code.
For the stable distribution (etch), these problems have been fixed in
Where: From remote
======================================================================
3) Vendor's Description of Software
"Adobe Illustrator CS4 software is a comprehensive vector graphics
environment with new transparency in gradients and multiple artboards
that invite you to explore more efficient ways to design."
Product Link:
http://www.adobe.com/products/illustrator/
applications using Cairo.
Background
==========
Cairo is a 2D vector graphics library with cross-device output support.
The AMD64 x86 emulation GTK+ library packages Cairo libraries for 32-bit
x86 emulation on AMD64.
Affected packages
=================
to the execution of arbitrary code.
Background
==========
Cairo is a 2D vector graphics library with cross-device output support.
Affected packages
=================
-------------------------------------------------------------------