CVE-2010-0045

2010-03-1513:28:25

CWE-20

[email protected]

web.nvd.nist.gov

apple

safari

cve-2010-0045

windows

security vulnerability

code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.021 Low

EPSS

Percentile

89.2%

JSON

Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

Affected configurations

NVD

Node

applesafariRange≤4.0.4

applesafariMatch4.0

applesafariMatch4.0beta

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

AND

microsoftwindows

CPENameOperatorVersion
apple:safariapple safarile4.0.4
apple:safariapple safarieq4.0
apple:safariapple safarieq4.0.1
apple:safariapple safarieq4.0.2
apple:safariapple safarieq4.0.3

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.4
apple:safari	apple safari	eq	4.0
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	4.0.3