Lucene search

K

MitreCVE-2008-2540

HistoryJun 03, 2008 - 3:32 p.m.

CVE-2008-2540

2008-06-0315:32:00

CWE-264

mitre

web.nvd.nist.gov

44

cve-2008-2540

apple safari

mac os x

windows

malware

remote code execution

internet explorer 7

searchpath

vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.106

Percentile

95.1%

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a “Carpet Bomb” and a “Blended Threat Elevation of Privilege Vulnerability,” a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

Affected configurations

Nvd

Node

applesafariRange<3.1.2

AND

microsoftinternet_explorerMatch7

OR

microsoftwindows_server_2003

OR

microsoftwindows_server_2008

OR

microsoftwindows_vistaMatch-

OR

microsoftwindows_xpMatch-

References

aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx

blogs.zdnet.com/security/?p=1230

lists.apple.com/archives/security-announce/2008//Jun/msg00001.html

secunia.com/advisories/30467

securitytracker.com/id?1020150

support.avaya.com/elmodocs2/security/ASA-2009-133.htm

support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html

www.microsoft.com/technet/security/advisory/953818.mspx

www.securityfocus.com/bid/29445

www.securitytracker.com/id?1022047

www.us-cert.gov/cas/techalerts/TA09-104A.html

www.vupen.com/english/advisories/2008/1706

www.vupen.com/english/advisories/2009/1028

www.vupen.com/english/advisories/2009/1029

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015

exchange.xforce.ibmcloud.com/vulnerabilities/42765

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.106

Percentile

95.1%

Related for CVE-2008-2540

nvd3 prion3 cvelist3 nessus6 checkpoint_advisories2 openvas6 securityvulns5 cve2 ubuntucve1 threatpost1 mskb1 seebug1