Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-4424
Last Modified 05 Sep 2008 05:28:12
Published 18 Aug 2007 06:17:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-4424

Summary

Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content.

Vulnerable Systems

Application

  • Apple Safari 3.0.3


References

SECTRACK - 1018575

BUGTRAQ - 20070815 Re: Safari for windows remote arbitry file upload

BUGTRAQ - 20070811 Safari for windows remote arbitry file upload

BUGTRAQ - 20070820 Re: Re: Safari for windows remote arbitry file upload

SREASON - 3022


Last Updated: 27 May 2016 10:45:52