NVD Vulnerability Detail

CVE-2008-2540

Summary	Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
Publication Date	June 4, 2008, 12:32 a.m.
Registration Date	Jan. 29, 2021, 1:37 p.m.
Last Update	Feb. 26, 2019, 11:04 p.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apple:safari::::::::					3.1.2
execution environment
1	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
2	cpe:2.3:o:microsoft:windows_server_2003::::::::
3	cpe:2.3:o:microsoft:windows_server_2008::::::::
4	cpe:2.3:o:microsoft:windows_vista:-:::::::*
5	cpe:2.3:o:microsoft:windows_xp:-:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx	MISC	Third Party Advisory
2	http://blogs.zdnet.com/security/?p=1230	MISC	Third Party Advisory
3	http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html	MISC	Broken Link
4	http://www.microsoft.com/technet/security/advisory/953818.mspx	MISC	Mitigation Patch Vendor Advisory
5	http://www.securityfocus.com/bid/29445	BID	Third Party Advisory VDB Entry
6	http://securitytracker.com/id?1020150	SECTRACK	Third Party Advisory VDB Entry
7	http://secunia.com/advisories/30467	SECUNIA	Third Party Advisory
8	http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html	APPLE	Mailing List Vendor Advisory
9	http://www.vupen.com/english/advisories/2009/1028	VUPEN	Broken Link
10	http://www.vupen.com/english/advisories/2009/1029	VUPEN	Broken Link
11	http://www.securitytracker.com/id?1022047	SECTRACK	Third Party Advisory VDB Entry
12	http://www.us-cert.gov/cas/techalerts/TA09-104A.html	CERT	Third Party Advisory US Government Resource
13	http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm	CONFIRM	Third Party Advisory
14	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138	CONFIRM	Third Party Advisory
15	http://www.vupen.com/english/advisories/2008/1706	VUPEN	Broken Link
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/42765	XF	Third Party Advisory VDB Entry
17	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509	OVAL	Third Party Advisory
18	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108	OVAL	Third Party Advisory
19	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782	OVAL	Third Party Advisory
20	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015	MS
21	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014	MS

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html