CVSS2: 8.8 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
EPSS: 0.969 High
EPSS Percentile: 99.7%
Added: 10/24/2011
CVE: CVE-2011-1774
BID: 48840
OSVDB: 74017
Safari is a web browser for Mac OS X and Windows.
Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If that page is loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice.
Upgrade to Apple Safari 5.0.6 or later.
<http://support.apple.com/kb/HT4808>
This exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn).
The payload will not be executed until the next successful login.
The target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default.
Windows