_A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads._

Note that this issue only affects Safari on Windows XP or Vista.

### Impact

A remote, unauthenticated attacker may be able to execute arbitrary code.

### Solution

**Apply Apple Updates**

Apple has released an update to address this vulnerability. Refer to Apple Safari 3.1.1.

**Disable Open “safe” files after downloading option**

For instructions on how to disable the Open “safe” files after downloading option in Safari, please refer to the Safari section of the Securing Your Web Browser document.

**Do not access files from untrusted sources**

Do not download files from unknown or untrusted sources. Do not open unfamiliar or unexpected links, particularly those delivered in email messages. Please see Cyber Security Tip ST04-014.

### Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Apple Computer, Inc.| | -| 18 Apr 2008

If you are a vendor and your product is affected, let us know.
{"viewCount": 0, "id": "VU:529441", "hash": "134cf6d3133aed4a9b279dbf888056373954cb45d4c233caf25dcc828fd93b7b", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.kb.cert.org/vuls/id/529441", "history": [], "edition": 1, "references": ["http://support.apple.com/kb/HT1467", "http://support.apple.com/kb/HT1467", "http://support.apple.com/kb/HT1467", "http://support.apple.com/kb/HT1467", "http://www.us-cert.gov/reading_room/securing_browser/#sgeneral", "http://www.us-cert.gov/cas/tips/ST04-010.html", "http://www.us-cert.gov/cas/tips/ST04-014.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1024"], "cvelist": ["CVE-2008-1024", "CVE-2008-1024"], "description": "### Overview\n\nA vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service.\n\n### Description\n\nAccording to Apple Safari [3.1.1](<http://support.apple.com/kb/HT1467>): \n\n_A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. _\n\n \nNote that this issue only affects Safari on Windows XP or Vista. \n \n--- \n \n### Impact\n\nA remote, unauthenticated attacker may be able to execute arbitrary code. \n \n--- \n \n### Solution\n\n**Apply Apple Updates** \nApple has released an update to address this vulnerability. Refer to Apple Safari [3.1.1](<http://support.apple.com/kb/HT1467>). \n \n--- \n \n**Disable Open \u201csafe\u201d files after downloading option** \n \nFor instructions on how to disable the Open \u201csafe\u201d files after downloading option in Safari, please refer to the Safari section of the [Securing Your Web Browser](<http://www.us-cert.gov/reading_room/securing_browser/#sgeneral>) document. 
\n \n**Do not access files from untrusted sources** \n \nDo not download files from unknown or untrusted sources. Do not open unfamiliar or unexpected links, particularly those delivered in email messages. Please see Cyber Security Tip [ST04-014](<http://www.us-cert.gov/cas/tips/ST04-014.html>)[](<http://www.us-cert.gov/cas/tips/ST04-010.html>). \n \n--- \n \n### Systems Affected \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nApple Computer, Inc.| | -| 18 Apr 2008 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23529441 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | N/A | N/A \n \n### References\n\n * <http://support.apple.com/kb/HT1467>\n\n### Credit\n\nThis issue is addressed by Apple Safari [3.1.1](<http://support.apple.com/kb/HT1467>). \n\nThis document was written by Chris Taschner.\n\n### Other Information\n\n * CVE IDs: [CVE-2008-1024](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1024>)\n * Date Public: 16 Apr 2008\n * Date First Published: 18 Apr 2008\n * Date Last Updated: 18 Apr 2008\n * Severity Metric: 13.11\n * Document Revision: 12\n\n", "modified": "2008-04-18T00:00:00", "lastseen": "2016-02-03T09:12:21", "bulletinFamily": "info", "title": "Apple Safari fails to properly handle a file name", "objectVersion": "1.2", "reporter": "CERT", "type": "cert", "published": "2008-04-18T00:00:00", "enchantments": {"vulnersScore": 9.3}}
{"result": {"cve": [{"id": "CVE-2008-1024", "type": "cve", "title": "CVE-2008-1024", "description": "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.", "published": "2008-04-17T15:05:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1024", "cvelist": ["CVE-2008-1024"], "lastseen": "2017-08-08T11:24:31"}], "seebug": [{"id": "SSV:3186", "type": "seebug", "title": "Apple Safari 3.1.1\u7248\u672c\u4fee\u590d\u591a\u4e2a\u5b89\u5168\u6f0f\u6d1e", "description": "BUGTRAQ ID: 28813,28814,28815\r\nCVE(CAN) ID: CVE-2008-1024,CVE-2008-1025,CVE-2008-1026\r\n\r\nSafari\u662f\u82f9\u679c\u5bb6\u65cf\u64cd\u4f5c\u7cfb\u7edf\u9ed8\u8ba4\u6240\u6346\u7ed1\u7684WEB\u6d4f\u89c8\u5668\u3002 \r\n\r\nSafari\u5b9e\u73b0\u4e0a\u5b58\u5728\u5404\u79cd\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u8fd9\u4e9b\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n\u5982\u679c\u7528\u6237\u4f7f\u7528Safari\u4e0b\u8f7d\u4e86\u5e26\u6709\u7279\u5236\u540d\u79f0\u7684\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u80fd\u89e6\u53d1\u5185\u5b58\u7834\u574f\uff0c\u5bfc\u81f4\u6d4f\u89c8\u5668\u7ec8\u6b62\u6216\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\r\nSafari\u7684WebKi\u6ca1\u6709\u6b63\u786e\u5730\u5904\u7406\u4e3b\u673a\u540d\u4e2d\u5305\u542b\u6709\u5192\u53f7\u7684URL\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u7279\u5236\u7684URL\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u8de8\u7ad9\u811a\u672c\u3002\r\n\r\nWebKit\u4e2d\u7684\u6b63\u5219\u8868\u8fbe\u5f0f\u7f16\u8bd1\u5668\uff08JavaScriptCore/pcre/pcre_compile.cpp\uff09\u4e2d\u5b58\u5728\u5806\u6ea2\u51fa\u6f0f\u6d1e\u3002\u5982\u679c\u5728\u6b63\u5219\u8868\u8fbe\u5f0f\u4e2d\u5d4c\u5957\u4e86\u592
7\u91cf\u53cd\u590d\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u8fd9\u4e2a\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nApple Safari 3.1 \r\nApple Safari 3\n Robert Swiecki \uff08<a href=mailto:robert@swiecki.net target=_blank>robert@swiecki.net</a>\uff09\r\n Charlie Miller\r\n \r\n \u94fe\u63a5\uff1a<a href=http://support.apple.com/kb/HT1467 target=_blank>http://support.apple.com/kb/HT1467</a>\r\n <a href=http://marc.info/?l=bugtraq&m=120838537332599&w=2 target=_blank>http://marc.info/?l=bugtraq&m=120838537332599&w=2</a>", "published": "2008-04-18T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.seebug.org/vuldb/ssvid-3186", "cvelist": ["CVE-2008-1024", "CVE-2008-1025", "CVE-2008-1026"], "lastseen": "2017-11-19T21:43:16"}], "nessus": [{"id": "SAFARI_3_1_1.NASL", "type": "nessus", "title": "Safari < 3.1.1 Multiple Vulnerabilities", "description": "The version of Safari installed on the remote host reportedly is affected by several issues :\n\n - A malicious website can spoof window titles and URL bars (CVE-2007-2398).\n\n - A memory corruption issue in the file downloading capability could lead to a crash or arbitrary code execution (CVE-2008-1024).\n\n - A cross-site scripting vulnerability exists in WebKit's handling of URLs that contain a colon character in the host name (CVE-2008-1025).\n\n - A heap-based buffer overflow exists in WebKit's handling of JavaScript regular expressions (CVE-2008-1026).", "published": "2008-04-18T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:COMPLETE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=31993", "cvelist": ["CVE-2007-2398", "CVE-2008-1024", "CVE-2008-1025", "CVE-2008-1026"], "lastseen": "2017-10-29T13:38:08"}]}}