Details of VAR-200501-0128

ID

VAR-200501-0128

CVE

CVE-2004-1122

TITLE

Apple Safari Dialog spoofing vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-058

DESCRIPTION

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. This issue may allow a remote attacker to carry out phishing style attacks as an attacker may exploit this vulnerability to spoof an interface of a trusted web site. Apple Safari 1.2.3 (v125.9) is reported vulnerable to this issue. It is likely that other versions are affected as well

Trust: 1.26

sources: NVD: CVE-2004-1122 // BID: 11469 // VULHUB: VHN-9552

AFFECTED PRODUCTS

vendor:

apple

model:

safari

scope:

version:

1.2.3

Trust: 1.9

sources: BID: 11469 // CNNVD: CNNVD-200501-058 // NVD: CVE-2004-1122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1122
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200501-058
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9552
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1122
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9552
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9552 // CNNVD: CNNVD-200501-058 // NVD: CVE-2004-1122

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1122

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-058

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200501-058

EXTERNAL IDS

db:	SECUNIA	id:	12892	Trust: 2.0
db:	NVD	id:	CVE-2004-1122	Trust: 2.0
db:	CNNVD	id:	CNNVD-200501-058	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2004-12-02	Trust: 0.6
db:	BID	id:	11469	Trust: 0.4
db:	VULHUB	id:	VHN-9552	Trust: 0.1

sources: VULHUB: VHN-9552 // BID: 11469 // CNNVD: CNNVD-200501-058 // NVD: CVE-2004-1122

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2004/dec/msg00000.html	Trust: 1.7
url:	http://secunia.com/multiple_browsers_dialog_box_spoofing_test/	Trust: 1.7
url:	http://secunia.com/secunia_research/2004-10/	Trust: 1.7
url:	http://secunia.com/advisories/12892	Trust: 1.7
url:	http://secunia.com/advisories/12892/	Trust: 0.3
url:	http://www.apple.com/safari/	Trust: 0.3

sources: VULHUB: VHN-9552 // BID: 11469 // CNNVD: CNNVD-200501-058 // NVD: CVE-2004-1122

CREDITS

Discovery is credited to Secunia.

Trust: 0.9

sources: BID: 11469 // CNNVD: CNNVD-200501-058

SOURCES

db:	VULHUB	id:	VHN-9552
db:	BID	id:	11469
db:	CNNVD	id:	CNNVD-200501-058
db:	NVD	id:	CVE-2004-1122

LAST UPDATE DATE

2024-08-14T13:07:43.875000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9552	date:	2008-09-10T00:00:00
db:	BID	id:	11469	date:	2009-07-12T08:06:00
db:	CNNVD	id:	CNNVD-200501-058	date:	2005-10-28T00:00:00
db:	NVD	id:	CVE-2004-1122	date:	2008-09-10T19:29:11.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9552	date:	2005-01-10T00:00:00
db:	BID	id:	11469	date:	2004-10-20T00:00:00
db:	CNNVD	id:	CNNVD-200501-058	date:	2005-01-10T00:00:00
db:	NVD	id:	CVE-2004-1122	date:	2005-01-10T05:00:00