VAR-200804-0037
Vulnerability from variot - Updated: 2023-12-18 10:49Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200804-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "safari",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "3.1"
},
{
"model": "safari",
"scope": "eq",
"trust": 1.3,
"vendor": "apple",
"version": "3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "apple computer",
"version": null
},
{
"model": "safari",
"scope": "lt",
"trust": 0.8,
"vendor": "apple",
"version": "version"
},
{
"model": "safari",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "3.1.1"
},
{
"model": "windows vista",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": null,
"trust": 0.6,
"vendor": "microsoft",
"version": null
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.4"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.3"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.2"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3.0.1"
},
{
"model": "safari beta for windows",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari beta",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "3"
},
{
"model": "safari",
"scope": "ne",
"trust": 0.3,
"vendor": "apple",
"version": "3.1.1"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "BID",
"id": "28813"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1024"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Robert Swiecki robert@swiecki.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
],
"trust": 0.6
},
"cve": "CVE-2008-1024",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-1024",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-31149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1024",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#529441",
"trust": 0.8,
"value": "13.11"
},
{
"author": "CNNVD",
"id": "CNNVD-200804-272",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31149",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "VULHUB",
"id": "VHN-31149"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files. \nAn attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. \nThis issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista. Safari is the WEB browser bundled with the Apple family operating system by default",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "BID",
"id": "28813"
},
{
"db": "VULHUB",
"id": "VHN-31149"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#529441",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2008-1024",
"trust": 2.8
},
{
"db": "BID",
"id": "28813",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1019868",
"trust": 2.5
},
{
"db": "VUPEN",
"id": "ADV-2008-0979",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2008-04-16",
"trust": 0.6
},
{
"db": "XF",
"id": "41864",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31149",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "VULHUB",
"id": "VHN-31149"
},
{
"db": "BID",
"id": "28813"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"id": "VAR-200804-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31149"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:49:06.273000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Safari 3.1.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1467"
},
{
"title": "Safari 3.1.1",
"trust": 0.8,
"url": "http://support.apple.com/kb/ht1467?viewlocale=ja_jp"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31149"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/529441"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/28813"
},
{
"trust": 2.5,
"url": "http://www.securitytracker.com/id?1019868"
},
{
"trust": 2.0,
"url": "http://support.apple.com/kb/ht1467"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2008/0979/references"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41864"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1024"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1024"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41864"
},
{
"trust": 0.3,
"url": "http://www.apple.com/safari/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "VULHUB",
"id": "VHN-31149"
},
{
"db": "BID",
"id": "28813"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#529441"
},
{
"db": "VULHUB",
"id": "VHN-31149"
},
{
"db": "BID",
"id": "28813"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-04-18T00:00:00",
"db": "CERT/CC",
"id": "VU#529441"
},
{
"date": "2008-04-17T00:00:00",
"db": "VULHUB",
"id": "VHN-31149"
},
{
"date": "2008-04-16T00:00:00",
"db": "BID",
"id": "28813"
},
{
"date": "2008-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"date": "2008-04-17T19:05:00",
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"date": "2008-04-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-04-18T00:00:00",
"db": "CERT/CC",
"id": "VU#529441"
},
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-31149"
},
{
"date": "2008-04-18T19:17:00",
"db": "BID",
"id": "28813"
},
{
"date": "2008-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-001320"
},
{
"date": "2017-08-08T01:29:50.010000",
"db": "NVD",
"id": "CVE-2008-1024"
},
{
"date": "2009-03-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Safari fails to properly handle a file name",
"sources": [
{
"db": "CERT/CC",
"id": "VU#529441"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200804-272"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…