CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Added: 05/28/2010
CVE: CVE-2010-1939
BID: 39990
OSVDB: 64482
Safari is a web browser for Mac OS X and Windows.
Apple Safari 4.0.5 for Windows (and probably earlier) allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted HTML page can create a pop-up window using the window.open() method, and then call the parent window’s window.close() method, thereby triggering the vulnerability due to an invalid pointer.
Enable the browser pop-up blocker (this is normally enabled by default in Safari). Consider disabling JavaScript in Safari. Upgrade when a fixed release becomes available.
<http://secunia.com/advisories/39670>
<http://www.kb.cert.org/vuls/id/943165>
Exploit works on Apple Safari 4.0.5 for Windows.
The exploit web page must be the first page loaded into the Apple Safari browser instance on the target.
Pop-Up windows must be enabled on the target Apple Safari browser, i.e., disable the pop-up blocker.
The vulnerability is triggered when the user closes the pop-up window with [Alt + F4]. It may take a longer time than normal to establish the shell session.
Windows