CVE-2008-2540

Description

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

Related CPE's

References

http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx

http://blogs.zdnet.com/security/?p=1230

http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html

http://www.microsoft.com/technet/security/advisory/953818.mspx

29445

1020150

30467

APPLE-SA-2008-06-19

ADV-2009-1028

ADV-2009-1029

1022047

TA09-104A

http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

ADV-2008-1706

apple-safari-windows-code-execution(42765)

oval:org.mitre.oval:def:8509

oval:org.mitre.oval:def:6108

oval:org.mitre.oval:def:5782

MS09-015

MS09-014

CvssV3 impact

CvssV2 impact