CVE-2007-2398
 
Severity Score: 7.1 (CVSS v2)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers to modify the window title and address bar while filling the main window with arbitrary content by setting the location bar and using setTimeout() to create an event that modifies the window content, which could facilitate phishing attacks.
*Credits:
N/A
Timeline
- 2007-04-30 CVE Reserved
- 2007-06-21 CVE Published
- 2024-08-07 CVE Updated
- 2024-08-16 EPSS Updated
References (12)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0311.html | Mailing List | |
http://osvdb.org/38862 | Vdb Entry | |
http://support.apple.com/kb/HT1467 | X_refsource_confirm | |
http://www.securityfocus.com/archive/1/471452/100/0/threaded | Mailing List | |
http://www.securityfocus.com/archive/1/471454/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/24484 | Vdb Entry | |
http://www.securitytracker.com/id?1018282 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/2316 | Vdb Entry | |
http://www.vupen.com/english/advisories/2008/0979/references | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/35050 | Vdb Entry |
URL | Date | SRC |
---|---|---|
http://lists.apple.com/archives/Security-announce/2007/Jun/msg00004.html | 2018-10-16 | |
http://lists.apple.com/archives/security-announce/2008/Apr/msg00001.html | 2018-10-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apple | Safari | 3.0.1 | windows | Affected |
in Microsoft | Windows 2003 Server | sp2 | - | Safe |