Apple Safari DoS or XSS Vulnerability - July09

Summary
This host is installed with Apple Safari Web Browser and is prone to Denial of Service or Cross-Site Scripting vulnerability.
Impact
Successful exploitation will let the attacker execute arbitrary code and can cause memory corruption, XSS attacks and can deny the service in the victim's system. Impact Level: Application
Solution
Upgrade to Safari version 4.0.2 (4.30.19.1) http://www.apple.com/support/downloads
Insight
- Error in 'WebKit' is allow user to inject arbitrary web script or HTML via vectors related to parent and top objects. - Error in 'WebKit' is fails to handle numeric character references via a crafted HTML document.
Affected
Apple Safari version prior to 4.0.2 on Windows.
References