Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2008-2540
HistoryJun 03, 2008 - 3:00 p.m.

CVE-2008-2540

2008-06-0315:00:00
mitre
www.cve.org
9

AI Score

7.3

Confidence

Low

EPSS

0.106

Percentile

95.1%

JSON

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a “Carpet Bomb” and a “Blended Threat Elevation of Privilege Vulnerability,” a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

References

Related

nvd 3
prion 3
cve 3
nessus 6
checkpoint_advisories 2
openvas 6
securityvulns 5
cvelist 2
ubuntucve 1
threatpost 1
mskb 1
seebug 1
nvd
nvd
CVE-2008-2540
2008-06-03 15:32:00
CVE-2008-1032
2008-06-02 21:30:00
CVE-2008-2933
2008-07-17 13:41:00
prion
prion
Privilege escalation
2008-06-03 15:32:00
Input validation
2008-06-02 21:30:00
Design/Logic Flaw
2008-07-17 13:41:00
cve
cve
CVE-2008-2540
2008-06-03 15:32:00
CVE-2008-1032
2008-06-02 21:30:00
CVE-2008-2933
2008-07-17 13:41:00
nessus
nessus
MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Safari < 3.1.2 Multiple Vulnerabilities
2008-06-20 00:00:00
Safari < 3.1.2 Multiple Vulnerabilities
2004-08-18 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Apple Safari on Windows Platform Remote Code Execution Vulnerability (MS09-015)
2008-06-02 00:00:00
Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)
2010-07-13 00:00:00
openvas
openvas
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
2009-04-15 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege &#40;959426&#41;
2009-04-15 00:00:00
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer &#40;963027&#41;
2009-04-15 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2009-04-20 00:00:00
cvelist
cvelist
CVE-2008-1032
2008-06-02 14:00:00
CVE-2008-2933
2008-07-17 10:00:00
ubuntucve
ubuntucve
CVE-2008-2933
2008-07-17 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32
mskb
mskb
MS09-014: Cumulative security update for Internet Explorer
2012-07-18 16:19:51
seebug
seebug
Apple Mac OS X 2008-003更新修复多个安全漏洞
2008-05-29 00:00:00

AI Score

7.3

Confidence

Low

EPSS

0.106

Percentile

95.1%

JSON
Related for CVELIST:CVE-2008-2540
nvd3prion3cve3nessus6checkpoint_advisories2openvas6securityvulns5cvelist2ubuntucve1threatpost1mskb1seebug1