CIAC INFORMATION BULLETIN

S-343: Apple Safari 3.1.2 for Windows

[HT2092]

July 28, 2008 19:00 GMT

PROBLEM: Apple Safari automatically executes downloaded files based on Internet Explorer zone settings, which can allow a remote attacker to execute arbitrary code on a vulnerable system.
PLATFORM: Apple Safari 3
DAMAGE: Execute arbitrary code.
SOLUTION: Upgrade to the appropriate version.

VULNERABILITY ASSESSMENT: The risk is MEDIUM. By convincing a user to visit a specially crafted web page with Apple Safari on Windows, an attacker may be able to execute arbitrary code on a vulnerable system.

CVSS 2 BASE SCORE: 7.5
   TEMPORAL SCORE: 6.2
   VECTOR: (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)

LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/s-343.shtml
  ORIGINAL BULLETIN: http://support.apple.com/kb/HT2092
  CVE: CVE-2008-2306

[***** Start HT2092 *****]


Please visit Apple's Web site to view their
Apple Safari 3.1.2 for Windows
http://support.apple.com/kb/HT2092


[***** End HT2092 *****]



CIAC wishes to acknowledge the contributions of Apple for the information contained in this bulletin.
DOE-CIRC can be contacted at:
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/