CVE-2008-2540 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-2540
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-2540

Description: Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, aka a "Carpet Bomb," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because of certain behavior of the Windows desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. NOTE: Microsoft describes the issue on the Windows platform as "a blended threat that allows remote code execution."

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/42765 ST 1020150 1022047 SAID Secunia Advisory: SA30467 MS http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx MISC http://www.microsoft.com/technet/security/advisory/953818.mspx http://blogs.zdnet.com/security/?p=1230 http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138 CERT http://www.us-cert.gov/cas/techalerts/TA09-104A.html BID 29445 APPLE http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html

Return to the previous page.