漏洞信息详情

CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari权限许可和访问控制漏洞

• CNNVD编号：CNNVD-200806-055
• 危害等级： 高危
  
• CVE编号： CVE-2008-2540
• 漏洞类型： 权限许可和访问控制
• 发布时间： 2008-05-30
• 威胁类型： 远程
• 更新时间： 2011-07-15
• 厂        商： CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
• 漏洞来源： Nitesh Dhanjani

漏洞简介

基于Mac OS X的CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari以及基于Windows的3.1.2之前版本在下载带有无法识别内容类型的对象之前不能提示用户。远程攻击者可利用该漏洞在Windows桌面目录或Mac OS X下载目录中放置恶意软件，并且可利用Windows XP平台的Internet Explorer 7或者Windows XP，Vista，Server 2003以及2008的SearchPath函数中的不可信搜索路径漏洞执行任意代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

http://www.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/safari/download

http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx?pf=true

参考网址

来源: US-CERT

名称: TA09-104A

链接:http://www.us-cert.gov/cas/techalerts/TA09-104A.HTML

来源: XF

名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-safari-windows-code-execution(42765)

链接:http://xforce.iss.net/xforce/xfdb/42765

来源: VUPEN

名称: ADV-2009-1029

链接:http://www.vupen.com/english/advisories/2009/1029

来源: VUPEN

名称: ADV-2009-1028

链接:http://www.vupen.com/english/advisories/2009/1028

来源: SECTRACK

名称: 1022047

链接:http://www.securitytracker.com/id?1022047

来源: BID

名称: 29445

链接:http://www.securityfocus.com/bid/29445

来源: MS

名称: MS09-015

链接:http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx

来源: MISC

链接:http://www.microsoft.com/technet/security/advisory/953818.mspx

来源: VUPEN

名称: ADV-2008-1706

链接:http://www.frsirt.com/english/advisories/2008/1706

来源: MISC

链接:http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.HTML

来源: support.nortel.com

链接:http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138

来源: support.avaya.com

链接:http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm

来源: SECTRACK

名称: 1020150

链接:http://securitytracker.com/id?1020150

来源: SECUNIA

名称: 30467

链接:http://secunia.com/advisories/30467

来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple

名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2008-06-19

链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2008//Jun/msg00001.HTML

来源: MISC

链接:http://blogs.zdnet.com/security/?p=1230

来源: MISC

链接:http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx

受影响实体

• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari:3.1.1b:-:Windows  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari:3.1.1  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari:3.1.0b:-:Windows  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari:3.1.0b  
• CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple Safari:3.1.0  

补丁

暂无