CVE-2007-2398
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:C/A:N
AI Score
Confidence
Low
EPSS
Percentile
90.9%
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_2003_server | sp2 | cpe:2.3:o:microsoft:windows_2003_server:sp2:*:*:*:*:*:*:* |
| apple | safari | 3.0.1 | cpe:2.3:a:apple:safari:3.0.1:*:windows:*:*:*:*:* |
References
archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html
lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html
lists.apple.com/archives/security-announce/2008/Apr/msg00001.html
osvdb.org/38862
support.apple.com/kb/HT1467
www.securityfocus.com/archive/1/471452/100/0/threaded
www.securityfocus.com/archive/1/471454/100/0/threaded
www.securityfocus.com/bid/24484
www.securitytracker.com/id?1018282
www.vupen.com/english/advisories/2007/2316
www.vupen.com/english/advisories/2008/0979/references
exchange.xforce.ibmcloud.com/vulnerabilities/35050
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:C/A:N
AI Score
Confidence
Low
EPSS
Percentile
90.9%