| Name | Apple.Safari.Windows.Platform.Arbitrary.File.Download |
| Release Date | Jun 02, 2008 |
| Severity | High |
| Impact | System Compromise |
| Description | This indicates an attack attempt against a combination of vulnerabilities in Apple Safari that have been installed in all versions of Microsoft Windows XP and Windows Vista.
The vulnerability is caused by an error when the vulnerable software handles a malicious HTML document. It allows a remote attacker to download files to a user's machine and then execute them without prompting. |
| Affected Products | Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition SP1
Internet Explorer 6 for Microsoft Windows XP SP2, Microsoft Windows XP SP3, Microsoft Windows XP Professional x64 Edition, and Microsoft Windows XP Professional x64 Edition SP2
Internet Explorer 7 for Microsoft Windows XP SP2, Microsoft Windows XP SP3, Microsoft Windows XP Professional x64 Edition, and Microsoft Windows XP Professional x64 Edition SP2
Internet Explorer 7 for Microsoft Windows Vista, Microsoft Windows Vista SP1, Microsoft Windows Vista x64 Edition, and Microsoft Windows Vista x64 Edition SP1 |
| Recommended Actions | There are currently no known vendor-supplied patches. Please check the following URL for the workaround:
http://www.microsoft.com/technet/security/advisory/953818.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2540
|
| Reference/s | http://www.securityfocus.com/bid/29445 (BugTraq)
http://www.microsoft.com/technet/security/advisory/953818.mspx
http://www.milw0rm.com/exploits/2929
|