ID

VAR-200706-0533


CVE

CVE-2007-3284


TITLE

Apple Safari for Windows Corefoundation.DLL Denial of Service Vulnerability

Trust: 0.9

sources: BID: 24497 // CNNVD: CNNVD-200706-290

DESCRIPTION

corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name. Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Attackers may also be able to execute arbitrary code, but Symantec had not confirmed this. Safari 3.0.1 public beta for Windows is reported vulnerable.

Trust: 1.98

sources: NVD: CVE-2007-3284 // JVNDB: JVNDB-2007-002201 // BID: 24497 // VULHUB: VHN-26646

AFFECTED PRODUCTS

vendor: apple // model: safari // scope: eq // version: 3.0.1

Trust: 1.6

vendor: apple // model: safari // scope: eq // version: windows edition 3.0.1

Trust: 0.8

vendor: apple // model: safari beta for windows // scope: eq // version: 3.0.1

Trust: 0.3

vendor: apple // model: safari beta for windows // scope: ne // version: 3.0.2

Trust: 0.3

sources: BID: 24497 // JVNDB: JVNDB-2007-002201 // CNNVD: CNNVD-200706-290 // NVD: CVE-2007-3284

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-3284
value: HIGH

Trust: 1.0

NVD: CVE-2007-3284
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200706-290
value: HIGH

Trust: 0.6

VULHUB: VHN-26646
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-3284
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-26646
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-26646 // JVNDB: JVNDB-2007-002201 // CNNVD: CNNVD-200706-290 // NVD: CVE-2007-3284

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3284

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200706-290

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200706-290

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002201

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-26646

PATCH

title: Top Page // url: http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002201

EXTERNAL IDS

db: NVD // id: CVE-2007-3284

Trust: 2.8

db: BID // id: 24497

Trust: 2.0

db: OSVDB // id: 38869

Trust: 1.1

db: JVNDB // id: JVNDB-2007-002201

Trust: 0.8

db: CNNVD // id: CNNVD-200706-290

Trust: 0.7

db: EXPLOIT-DB // id: 30193

Trust: 0.1

db: SEEBUG // id: SSVID-83636

Trust: 0.1

db: VULHUB // id: VHN-26646

Trust: 0.1

sources: VULHUB: VHN-26646 // BID: 24497 // JVNDB: JVNDB-2007-002201 // CNNVD: CNNVD-200706-290 // NVD: CVE-2007-3284

REFERENCES

url:http://lostmon.blogspot.com/2007/06/safari-301-552122-for-windows.html

Trust: 2.0

url:http://www.securityfocus.com/bid/24497

Trust: 1.7

url:http://osvdb.org/38869

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3284

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3284

Trust: 0.8

url:http://www.apple.com/safari/

Trust: 0.3

sources: VULHUB: VHN-26646 // BID: 24497 // JVNDB: JVNDB-2007-002201 // CNNVD: CNNVD-200706-290 // NVD: CVE-2007-3284

CREDITS

Lostmon is credited with discovering this vulnerability.

Trust: 0.9

sources: BID: 24497 // CNNVD: CNNVD-200706-290

SOURCES

db: VULHUB // id: VHN-26646
db: BID // id: 24497
db: JVNDB // id: JVNDB-2007-002201
db: CNNVD // id: CNNVD-200706-290
db: NVD // id: CVE-2007-3284

LAST UPDATE DATE

2024-08-14T14:47:41.852000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-26646 // date: 2012-10-31T00:00:00
db: BID // id: 24497 // date: 2015-05-07T17:37:00
db: JVNDB // id: JVNDB-2007-002201 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200706-290 // date: 2007-06-26T00:00:00
db: NVD // id: CVE-2007-3284 // date: 2012-10-31T02:38:10.373

SOURCES RELEASE DATE

db: VULHUB // id: VHN-26646 // date: 2007-06-19T00:00:00
db: BID // id: 24497 // date: 2007-06-16T00:00:00
db: JVNDB // id: JVNDB-2007-002201 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200706-290 // date: 2007-06-19T00:00:00
db: NVD // id: CVE-2007-3284 // date: 2007-06-19T22:30:00