A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service.
According to Apple Safari 3.1.1:
A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads.
A remote, unauthenticated attacker may be able to execute arbitrary code.
Apply Apple Updates
Disable Open “safe” files after downloading option
This issue is addressed by Apple Safari 3.1.1
|Date First Published:||2008-04-18|
|Date Last Updated:||2008-04-18 18:28 UTC|