Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2008-2540
HistoryJun 03, 2008 - 3:32 p.m.

Privilege escalation

2008-06-0315:32:00
PRIOn knowledge base
www.prio-n.com
6

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%

JSON

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a “Carpet Bomb” and a “Blended Threat Elevation of Privilege Vulnerability,” a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

CPENameOperatorVersion
safarilt3.1.2

References

Related

cve 3
checkpoint_advisories 2
openvas 6
nessus 6
securityvulns 5
prion 2
ubuntucve 1
threatpost 1
mskb 1
seebug 1
cve
cve
CVE-2008-2540
2008-06-03 15:32:00
CVE-2008-1032
2008-06-02 21:30:00
CVE-2008-2933
2008-07-17 13:41:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Apple Safari on Windows Platform Remote Code Execution Vulnerability (MS09-015)
2008-06-02 00:00:00
Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)
2010-07-13 00:00:00
openvas
openvas
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Microsoft Internet Explorer Remote Code Execution Vulnerability (963027)
2009-04-15 00:00:00
nessus
nessus
MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
2009-04-15 00:00:00
Safari < 3.1.2 Multiple Vulnerabilities
2004-08-18 00:00:00
Safari < 3.1.2 Multiple Vulnerabilities
2008-06-20 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS09-015 – Moderate Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege &#40;959426&#41;
2009-04-15 00:00:00
Microsoft Security Bulletin MS09-014 - Critical Cumulative Security Update for Internet Explorer &#40;963027&#41;
2009-04-15 00:00:00
Microsoft Internet Explorer multiple security vulnerabilities
2009-04-20 00:00:00
prion
prion
Input validation
2008-06-02 21:30:00
Design/Logic Flaw
2008-07-17 13:41:00
ubuntucve
ubuntucve
CVE-2008-2933
2008-07-17 00:00:00
threatpost
threatpost
Microsoft plugs gaping holes in IE, Excel, Windows
2009-04-14 17:56:32
mskb
mskb
MS09-014: Cumulative security update for Internet Explorer
2012-07-18 16:19:51
seebug
seebug
Apple Mac OS X 2008-003更新修复多个安全漏洞
2008-05-29 00:00:00

7.6 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.114 Low

EPSS

Percentile

95.1%

JSON
Related for PRION:CVE-2008-2540
cve3checkpoint_advisories2openvas6nessus6securityvulns5prion2ubuntucve1threatpost1mskb1seebug1