Apple Safari Webkit libxslt File Creation Vulnerability
Extensible Markup Language (XML) is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications. XSLT is a language with an XML-based syntax that is used to transform XML documents into other XML documents, HTML, or other, unstructured formats such as plain text or RTF. For example:
Sample of incoming XML document:
John Smith Morka Ismincius
XSLT stylesheet provides templates to transform the XML document:
Its evaluation results in a new XML document, having another structure:
WebKit uses the GNOME project's libxslt library for applying XSLT to XML documents. Libxslt supports multiple extensions to XSLT, including many proposed by the EXSLT XSLT extensions initiative, and some found in the Saxon XSLT and XQuery processor. An arbitrary file creation vulnerability exists in Safari's use of the WebKit rendering engine. A remote attacker can exploit this vulnerability create arbitrary files on the target user's machine. Remote code execution is possible if the attacker can write a file that will be executed by the host OS.
SonicUTM team has researched this vulnerability and created the following IPS signatures to detect attacks addressing this vulnerability.
- 2524 Apple Safari Webkit libxslt Arbitrary File Creation 1
- 2534 Apple Safari Webkit libxslt Arbitrary File Creation 2
- 7047 Apple Safari Webkit libxslt Arbitrary File Creation Exploit
This vulnerability has been referred by CVE as CVE-2011-1774.