CVE-2008-2540

Current Description

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

Referenced by CVEs: CVE-2008-2933

Basic Data

Published: June 03, 2008
Last Modified: October 12, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-264
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range Bound (Start/End Including/Excluding)
      2.3 | Application | Apple | Safari | * | * | * | * | * | * | * | * | 3.1.2
    • OR Running on/with:
      CPE Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Range Bound (Start/End Including/Excluding)
      2.3 | Application | Microsoft | Internet Explorer | 7 | * | * | * | * | * | * | * |
      2.3 | OS | Microsoft | Windows Server 2003 | * | * | * | * | * | * | * | * |
      2.3 | OS | Microsoft | Windows Server 2008 | * | * | * | * | * | * | * | * |
      2.3 | OS | Microsoft | Windows Vista | - | * | * | * | * | * | * | * |
      2.3 | OS | Microsoft | Windows XP | - | * | * | * | * | * | * | * |

Vulnerable Software List

Vendor | Product | Versions
Apple | Safari | *

References

Name: URL (Source: Tags)

• http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx (MISC: Third Party Advisory)
• http://blogs.zdnet.com/security/?p=1230 (MISC: Third Party Advisory)
• APPLE-SA-2008-06-19: http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html (APPLE: Mailing List, Vendor Advisory)
• 30467: http://secunia.com/advisories/30467 (SECUNIA: Third Party Advisory)
• 1020150: http://securitytracker.com/id?1020150 (SECTRACK: Third Party Advisory, VDB Entry)
• http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm (CONFIRM: Third Party Advisory)
• http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 (CONFIRM: Third Party Advisory)
• http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html (MISC: Broken Link)
• http://www.microsoft.com/technet/security/advisory/953818.mspx (MISC: Mitigation, Patch, Vendor Advisory)
• 29445: http://www.securityfocus.com/bid/29445 (BID: Third Party Advisory, VDB Entry)
• 1022047: http://www.securitytracker.com/id?1022047 (SECTRACK: Third Party Advisory, VDB Entry)
• TA09-104A: http://www.us-cert.gov/cas/techalerts/TA09-104A.html (CERT: Third Party Advisory, US Government Resource)
• ADV-2008-1706: http://www.vupen.com/english/advisories/2008/1706 (VUPEN: Broken Link)
• ADV-2009-1028: http://www.vupen.com/english/advisories/2009/1028 (VUPEN: Broken Link)
• ADV-2009-1029: http://www.vupen.com/english/advisories/2009/1029 (VUPEN: Broken Link)
• MS09-014: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 (MS)
• MS09-015: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015 (MS)
• apple-safari-windows-code-execution(42765): https://exchange.xforce.ibmcloud.com/vulnerabilities/42765 (XF: Third Party Advisory, VDB Entry)
• oval:org.mitre.oval:def:5782: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782 (OVAL: Third Party Advisory)
• oval:org.mitre.oval:def:6108: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108 (OVAL: Third Party Advisory)
• oval:org.mitre.oval:def:8509: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509 (OVAL: Third Party Advisory)