CVE-2008-2306

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*
OR cpe:2.3:a:apple:safari:3.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2:*:*:*:*:*:*:*

Information

Published : 2008-06-23 13:41

Updated : 2011-03-07 19:08


NVD link : CVE-2008-2306

Mitre link : CVE-2008-2306


JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa

Products Affected

microsoft

  • windows_xp
  • windows_vista

apple

  • safari