9.3
CVE-2008-2540
- EPSS 8.32%
- Veröffentlicht 03.06.2008 15:32:00
- Zuletzt bearbeitet 16.06.2026 22:53:57
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apple ≫ Safari Version < 3.1.2
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Server 2008
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
Microsoft ≫ Windows Server 2003
Microsoft ≫ Windows Server 2008
Microsoft ≫ Windows Vista Version-
Microsoft ≫ Windows Xp Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.32% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
http://blogs.zdnet.com/security/?p=1230
http://secunia.com/advisories/30467
http://securitytracker.com/id?1020150
http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138
http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html
http://www.microsoft.com/technet/security/advisory/953818.mspx
http://www.securityfocus.com/bid/29445
http://www.securitytracker.com/id?1022047
http://www.vupen.com/english/advisories/2008/1706
http://www.vupen.com/english/advisories/2009/1028
http://www.vupen.com/english/advisories/2009/1029
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015
https://exchange.xforce.ibmcloud.com/vulnerabilities/42765
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509