Vulnerability Note VU#529441
Apple Safari fails to properly handle a file name
A vulnerability in the way Apple Safari handles specially crafted file names may allow execution of arbitrary code or denial of service.
According to Apple Safari 3.1.1:
A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads.
Note that this issue only affects Safari on Windows XP or Vista.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply Apple Updates
Disable the Open “safe” files after downloading option
Systems Affected
|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Apple Computer, Inc.|Affected|-|18 Apr 2008|
This issue is addressed by Apple Safari 3.1.1.
This document was written by Chris Taschner.
- CVE IDs: CVE-2008-1024
- Date Public: 16 Apr 2008
- Date First Published: 18 Apr 2008
- Date Last Updated: 18 Apr 2008
- Severity Metric: 13.11
- Document Revision: 12