Vulnerabilities > CVE-2004-1314 - Unspecified vulnerability in Apple Safari

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
apple
nessus

Summary

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.

Nessus

NASL familyMacOS X Local Security Checks
NASL idMACOSX_SECUPD2005-001.NASL
descriptionhe remote host is missing Security Update 2005-001. This security update contains a number of fixes for the following programs : - at commands - ColorSync - libxml2 - Mail - PHP - Safari - SquirrelMail These programs have multiple vulnerabilities which may allow a remote attacker to execute arbitrary code.
last seen2020-06-01
modified2020-06-02
plugin id16251
published2005-01-26
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/16251
titleMac OS X Multiple Vulnerabilities (Security Update 2005-001)
code
#
# (C) Tenable Network Security, Inc.
#

if ( ! defined_func("bn_random") ) exit(0);
if ( NASL_LEVEL < 3000) exit(0);

include("compat.inc");

if(description)
{
 script_id(16251);
 script_version ("1.21");
 script_cve_id("CVE-2005-0125", "CVE-2005-0126", "CVE-2004-0989", "CVE-2005-0127", "CVE-2003-0860", 
               "CVE-2003-0863", "CVE-2004-0594", "CVE-2004-0595", "CVE-2004-1018", "CVE-2004-1019", 
               "CVE-2004-1020", "CVE-2004-1063", "CVE-2004-1064", "CVE-2004-1065", "CVE-2004-1314", 
               "CVE-2004-1036");
 script_bugtraq_id(12367, 12366, 12297, 11857);

 script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2005-001)");
 script_summary(english:"Check for Security Update 2005-001");

 script_set_attribute( attribute:"synopsis", value:
"The remote host is missing a Mac OS X update that fixes a security
issue." );
 script_set_attribute(attribute:"description",   value:
"he remote host is missing Security Update 2005-001. This security
update contains a number of fixes for the following programs :

  - at commands
  - ColorSync
  - libxml2
  - Mail
  - PHP
  - Safari
  - SquirrelMail

These programs have multiple vulnerabilities which may allow a remote
attacker to execute arbitrary code." );
 script_set_attribute(
   attribute:"see_also",
   value:"http://support.apple.com/kb/TA22859"
 );
 script_set_attribute(
   attribute:"solution", 
   value:"Install Security Update 2005-001."
 );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploited_by_malware", value:"true");
 script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
 script_set_attribute(attribute:"canvas_package", value:'CANVAS');
 script_cwe_id(20);
 script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/26");
 script_set_attribute(attribute:"vuln_publication_date", value: "2003/07/16");
 script_set_attribute(attribute:"patch_publication_date", value: "2005/01/26");
 script_cvs_date("Date: 2018/07/14  1:59:35");
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
 script_end_attributes();
 
 script_category(ACT_GATHER_INFO);
 script_family(english:"MacOS X Local Security Checks");

 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/MacOSX/packages");
 exit(0);
}


packages = get_kb_item("Host/MacOSX/packages");
if ( ! packages ) exit(0);

uname = get_kb_item("Host/uname");
# MacOS X 10.2.8, 10.3.7 only
if ( egrep(pattern:"Darwin.* (6\.8\.|7\.7\.)", string:uname) )
{
  if ( ! egrep(pattern:"^SecUpd(Srvr)?2005-001", string:packages) ) security_hole(0);
	else non_vuln = 1;
}
else if ( egrep(pattern:"Darwin.* (6\.9|[0-9][0-9]\.|7\.([8-9]\.|[0-9][0-9]\.))", string:uname) ) non_vuln = 1;

if ( non_vuln )
{
 list = make_list("CVE-2005-0125", "CVE-2005-0126", "CVE-2004-0989", "CVE-2005-0127", "CVE-2003-0860", "CVE-2003-0863", "CVE-2004-0594", "CVE-2004-0595", "CVE-2004-1018", "CVE-2004-1019", "CVE-2004-1020", "CVE-2004-1063", "CVE-2004-1064", "CVE-2004-1065", "CVE-2004-1314", "CVE-2004-1036");
 foreach cve (list) set_kb_item(name:cve, value:TRUE);
}