Executive Summary
Summary | |
---|---|
Title | Apple Safari fails to properly handle a file name |
Information | |||
---|---|---|---|
Name | VU#529441 | First vendor Publication | 2008-04-18 |
Vendor | VU-CERT | Last vendor Modification | 2008-04-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#529441

Apple Safari fails to properly handle a file name

Overview

A vulnerability in the way Apple Safari handles a specially crafted file name may allow execution of arbitrary code or denial of service.

I. Description

According to Apple Safari 3.1.1:

A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. Note that this issue only affects Safari on Windows XP or Vista.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

III. Solution

Apply Apple Updates

Apple has released an update to address this vulnerability. Refer to Apple Safari 3.1.1.

Disable Open “safe” files after downloading option
References
This issue is addressed by Apple Safari 3.1.1. This document was written by Chris Taschner.
Original Source
Url : http://www.kb.cert.org/vuls/id/529441 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
43634 | Apple Safari ZIP Archive Name Handling Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-04-18 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_1_1.nasl - Type : ACT_GATHER_INFO |