| Field | Value |
| --- | --- |
| Vulnerability Name | CVE-2008-2540 (CCN-42765) |
| Assigned | 2008-05-30 |
| Published | 2008-05-30 |
| Updated | 2019-02-26 |
| Summary | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. Note: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. |
| CVSS v3 Severity | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H) |
| CVSS v2 Severity (Base) | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) |
| CVSS v2 Severity (Temporal) | 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
| CVSS v2 Severity (CCN Temporal) | 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
| Vulnerability Type | CWE-264 |
| Vulnerability Consequences | Gain Access |
References:

- MISC (Third Party Advisory): http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
- MISC (Third Party Advisory): http://blogs.zdnet.com/security/?p=1230
- MITRE (CNA): CVE-2008-2540
- APPLE (Mailing List, Vendor Advisory): APPLE-SA-2008-06-19
- CCN: SA30467 Apple Safari on Windows Code Execution Vulnerability
- SECUNIA (Third Party Advisory): 30467
- CCN: SECTRACK ID: 1020150 Apple Safari for Windows XP and Vista Lets Remote Users Download Files
- SECTRACK (Third Party Advisory, VDB Entry): 1020150
- CCN: SECTRACK ID: 1022047 Microsoft Windows SearchPath Function May Let Remote Users Execute Arbitrary Code
- CONFIRM (Third Party Advisory): http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm
- CCN: ASA-2009-133 MS09-014 Cumulative Security Update for Internet Explorer (963027)
- CCN: ASA-2009-138 MS09-015 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- CCN: NORTEL BULLETIN ID: 2009009451, Rev 1 Nortel Response to Microsoft Security Bulletin MS09-014
- CONFIRM (Third Party Advisory): http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138
- MISC (Broken Link): http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html
- CCN: Microsoft Security Advisory (953818) Blended Threat from Combined Attack Using Apple's Safari on the Windows Platform
- MISC (Mitigation, Patch, Vendor Advisory): http://www.microsoft.com/technet/security/advisory/953818.mspx
- CCN: Microsoft Security Bulletin MS09-014 Cumulative Security Update for Internet Explorer (963027)
- CCN: Microsoft Security Bulletin MS09-015 Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
- BID (Third Party Advisory, VDB Entry): 29445
- CCN: BID-29445 Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability
- SECTRACK (Third Party Advisory, VDB Entry): 1022047
- CERT (Third Party Advisory, US Government Resource): TA09-104A
- VUPEN (Broken Link): ADV-2008-1706
- VUPEN (Broken Link): ADV-2009-1028
- VUPEN (Broken Link): ADV-2009-1029
- MS (UNKNOWN): MS09-014
- MS (UNKNOWN): MS09-015
- XF (Third Party Advisory, VDB Entry): apple-safari-windows-code-execution(42765)
- XF (UNKNOWN): apple-safari-windows-code-execution(42765)
- OVAL (Third Party Advisory): oval:org.mitre.oval:def:5782
- OVAL (Third Party Advisory): oval:org.mitre.oval:def:6108
- OVAL (Third Party Advisory): oval:org.mitre.oval:def:8509
Vulnerable Configuration: Configuration 1; Configuration CCN 1 (denotes that the component is vulnerable)

Oval Definitions