Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:529441
HistoryApr 18, 2008 - 12:00 a.m.

Apple Safari fails to properly handle a file name

2008-04-1800:00:00
www.kb.cert.org
21

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.03

Percentile

91.0%

JSON

Overview

A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service.

Description

According to Apple Safari 3.1.1:

_A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. _

Note that this issue only affects Safari on Windows XP or Vista.

Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

Solution

Apply Apple Updates
Apple has released an update to address this vulnerability. Refer to Apple Safari 3.1.1.

Disable Open “safe” files after downloading option

For instructions on how to disable the Open “safe” files after downloading option in Safari, please refer to the Safari section of the Securing Your Web Browser document.

Do not access files from untrusted sources

Do not download files from unknown or untrusted sources. Do not open unfamiliar or unexpected links, particularly those delivered in email messages. Please see Cyber Security Tip ST04-014.

Vendor Information

529441

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Apple Computer, Inc. __ Affected

Updated: April 18, 2008

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Refer to Apple Safari 3.1.1.

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23529441 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://support.apple.com/kb/HT1467&gt;

Acknowledgements

This issue is addressed by Apple Safari 3.1.1.

This document was written by Chris Taschner.

Other Information

CVE IDs: CVE-2008-1024
Severity Metric: 13.11 Date Public:

Related

cve 1
prion 1
nvd 1
cvelist 1
seebug 1
nessus 1
cve
cve
CVE-2008-1024
2008-04-17 19:05:00
prion
prion
Memory corruption
2008-04-17 19:05:00
nvd
nvd
CVE-2008-1024
2008-04-17 19:05:00
cvelist
cvelist
CVE-2008-1024
2008-04-17 17:00:00
seebug
seebug
Apple Safari 3.1.1版本修复多个安全漏洞
2008-04-18 00:00:00
nessus
nessus
Safari < 3.1.1 Multiple Vulnerabilities
2008-04-18 00:00:00

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.03

Percentile

91.0%

JSON
Related for VU:529441
cve1prion1nvd1cvelist1seebug1nessus1