9.3

CVE-2010-0045

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version <= 4.0.4
   MicrosoftWindows
AppleSafari Version4.0
   MicrosoftWindows
AppleSafari Version4.0 Updatebeta
   MicrosoftWindows
AppleSafari Version4.0.1
   MicrosoftWindows
AppleSafari Version4.0.2
   MicrosoftWindows
AppleSafari Version4.0.3
   MicrosoftWindows
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.4% 0.901
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
Vendor Advisory
http://support.apple.com/kb/HT4070
Vendor Advisory
http://www.securityfocus.com/bid/38671
Patch
http://www.securitytracker.com/id?1023706
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817