CVE-2008-2540

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

Apple Safari en Mac OS X y en versiones anteriores a 3.1.2 en Windows, no apunta al usuario después de descargar un objeto que tiene un tipo de contenido no reconocido, lo que permite a atacantes remotos incluir malware dentro de (1) el directorio Desktop en Windows o (2) el directorio Downloads en Mac OS X, y posteriormente permite a atacantes remotos ejecutar código arbitrario en Windows aprovechando una vulnerabilidad de ruta de búsqueda no confiable en (a) Internet Explorer 7 en Windows XP o (b) la función SearchPath en Windows XP, Vista y Server 2003 y 2008, vulnerabilidad también conocida como "Carpet Bomb" y "Blended Threat Elevation of Privilege Vulnerability", un problema diferente de CVE-2008-1032. NOTA: Apple considera esto como vulnerabilidad solo porque los productos Microsoft pueden cargar bibliotecas de aplicaciones del escritorio y, como 20080619, no ha cubierto el problema en un aviso para Mac OS X.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-06-03 CVE Reserved
2008-06-03 CVE Published
2024-08-07 CVE Updated
2024-08-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (21)

URL	Tag	Source
http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx	Third Party Advisory
http://blogs.zdnet.com/security/?p=1230	Third Party Advisory
http://secunia.com/advisories/30467	Third Party Advisory
http://securitytracker.com/id?1020150	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm	Third Party Advisory
http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138	Third Party Advisory
http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html	Broken Link
http://www.securityfocus.com/bid/29445	Third Party Advisory
http://www.securitytracker.com/id?1022047	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-104A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2008/1706	Broken Link
http://www.vupen.com/english/advisories/2009/1028	Broken Link
http://www.vupen.com/english/advisories/2009/1029	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/42765	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509	Signature

URL	Date	SRC

URL	Date	SRC
http://www.microsoft.com/technet/security/advisory/953818.mspx	2019-02-26

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html	2019-02-26
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014	2019-02-26
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015	2019-02-26

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	< 3.1.2 Search vendor "Apple" for product "Safari" and version " < 3.1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Internet Explorer Search vendor "Microsoft" for product "Internet Explorer"	7 Search vendor "Microsoft" for product "Internet Explorer" and version "7"	-	Safe
Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	< 3.1.2 Search vendor "Apple" for product "Safari" and version " < 3.1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	*	-	Safe
Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	< 3.1.2 Search vendor "Apple" for product "Safari" and version " < 3.1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"	*	-	Safe
Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	< 3.1.2 Search vendor "Apple" for product "Safari" and version " < 3.1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Vista Search vendor "Microsoft" for product "Windows Vista"	-	-	Safe
Apple Search vendor "Apple"	Safari Search vendor "Apple" for product "Safari"	< 3.1.2 Search vendor "Apple" for product "Safari" and version " < 3.1.2"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	-	Safe