CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.7%
The version of Safari installed on the remote Windows host is earlier than 3.2.3. Such versions are potentially affected by several issues :
A heap buffer overflow issue in the libxml library when handling long entity names could lead to a crash or arbitrary code execution. (CVE-2008-3529)
Multiple input validation issues exist in Safari’s handling of ‘feed:’ URLs, which could be abused to execute arbitrary JavaScript code. (CVE-2009-0162)
A memory corruption issue in WebKit’s handling of SVGList objects could lead to arbitrary code execution. (CVE-2009-0945)
Binary data 5024.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0162
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
lists.apple.com/archives/security-announce/2009/may/msg00000.html
research.microsoft.com/apps/pubs/default.aspx?id=79323
support.apple.com/kb/HT3550