7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:C/I:N/A:N
0.004 Low
EPSS
Percentile
74.9%
WebKit in Apple Safari before 4.0.3 does not properly restrict the URL
scheme of the pluginspage attribute of an EMBED element, which allows
user-assisted remote attackers to launch arbitrary file: URLs and obtain
sensitive information via a crafted HTML document.
Author | Note |
---|---|
mdeslaur | appears to be mac/win specific |