Executive Summary
Summary | |
---|---|
Title | Blended Threat from Combined Attack Using Apple’s Safari on the Windows Platform |
Information | |||
---|---|---|---|
Name | KB953818 | First vendor Publication | 2008-05-30 |
Vendor | Microsoft | Last vendor Modification | 2009-04-14 |
Severity (Vendor) | N/A | Revision | 2.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft has investigated public reports of a blended threat that allows remote code execution on all supported versions of Windows XP and Windows Vista when Apple's Safari for Windows has been installed. Safari is not installed with Windows XP or Windows Vista by default; it must be installed independently or through the Apple Software Update application. Customers running Safari on Windows should review this advisory. We have issued Microsoft Security Bulletin MS09-014, Cumulative Security Update for Internet Explorer (963027), and MS09-015, Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426), to address this issue. For more information about this issue, including download links for security updates, please review MS09-014 and MS09-015. Apple Support has released a security advisory that addresses the vulnerability in Apple's Safari 3.1.2 for Windows. Please see the Apple security advisory "About the security content of Safari 3.1.2 for Windows" for more information.
Mitigating Factors:
General Information
Overview
Purpose of Advisory: To provide customers with the initial notification and provide additional information regarding the impact to the affected Windows platforms.
Advisory Status: Advisory published.
Recommendation: Review the suggested actions and configure as appropriate.
This advisory discusses the following software.
Frequently Asked Questions
What is the scope of the advisory?
Is this a security vulnerability that requires Microsoft to issue a security update?
What causes this threat?
What might an attacker use this function to do?
Suggested Actions
Workarounds
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Original Source
Url : http://www.microsoft.com/technet/security/advisory/953818.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5782 | |||
Oval ID: | oval:org.mitre.oval:def:5782 | ||
Title: | Blended Threat Elevation of Privilege Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6108 | |||
Oval ID: | oval:org.mitre.oval:def:6108 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:8509 | |||
Oval ID: | oval:org.mitre.oval:def:8509 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
2009-04-15 | Name : Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege... File : nvt/secpod_ms09-015.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53623 | Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code ... |
45892 | Apple Safari on Mac OS X Default Download Location Unspecified Arbitrary Code... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-16 | IAVM : 2009-T-0021 - Microsoft Windows SearchPath Blended Threat Vulnerability Severity : Category II - VMSKEY : V0018776 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat attempt RuleID : 16319 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat dll request RuleID : 15468 - Revision : 17 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-014.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : The remote host may allow remote code execution. File : smb_nt_ms09-015.nasl - Type : ACT_GATHER_INFO |
2008-06-20 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_1_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:46:46 |