ID

VAR-200806-0058


CVE

CVE-2008-2540


TITLE

Apple Safari vulnerability that does not warn before downloading

Trust: 0.8

sources: JVNDB: JVNDB-2008-001419

DESCRIPTION

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.

A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting. A vulnerability in Safari, known as the 'carpet-bombing' issue reported by Nitesh Dhanjani, allows an attacker to silently place malicious DLL files on a victim's computer. A problem in Internet Explorer, reported in December of 2006 by Aviv Raff, can then be used to run those malicious DLLs. An attacker can exploit this issue by tricking a victim into visiting a malicious page with Safari; the malicious files will run when the victim starts Internet Explorer. Successful exploitation allows execution of arbitrary code when a user visits a malicious web site.

SOLUTION: Set the download location in Safari to a location other than "Desktop".

ORIGINAL ADVISORY: http://www.microsoft.com/technet/security/advisory/953818.mspx

National Cyber Alert System
Technical Cyber Security Alert TA09-104A

Microsoft Updates for Multiple Vulnerabilities

Original release date: April 14, 2009
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Windows Server
* Microsoft ISA Server

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Windows Server, and ISA Server.

I. Description

As part of the Microsoft Security Bulletin Summary for April 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, Windows Server, and ISA Server.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

IV. References

* Microsoft Security Bulletin Summary for April 2009 - <http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx>
* Microsoft Windows Server Update Services - <http://technet.microsoft.com/en-us/wsus/default.aspx>

The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA09-104A.html>

Produced 2009 by US-CERT, a government organization.

Revision History

April 14, 2009: Initial release

Trust: 2.16

sources: NVD: CVE-2008-2540 // JVNDB: JVNDB-2008-001419 // BID: 29445 // VULHUB: VHN-32665 // PACKETSTORM: 66926 // PACKETSTORM: 76655

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: lt, version: 3.1.2

Trust: 1.8

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.9

vendor: microsoft, model: internet explorer, scope: eq, version: 6

Trust: 0.8

vendor: microsoft, model: internet explorer, scope: eq, version: 7

Trust: 0.8

vendor: microsoft, model: windows server 2003, scope: eq, version: none

Trust: 0.8

vendor: microsoft, model: windows server 2003, scope: eq, version: (itanium)

Trust: 0.8

vendor: microsoft, model: windows server 2003, scope: eq, version: (x64)

Trust: 0.8

vendor: microsoft, model: windows server 2008, scope: eq, version: (itanium)

Trust: 0.8

vendor: microsoft, model: windows server 2008, scope: eq, version: (x64)

Trust: 0.8

vendor: microsoft, model: windows server 2008, scope: eq, version: (x86)

Trust: 0.8

vendor: microsoft, model: windows vista, scope: eq, version: none

Trust: 0.8

vendor: microsoft, model: windows vista, scope: eq, version: (x64)

Trust: 0.8

vendor: microsoft, model: windows xp, scope: eq, version: (x64)

Trust: 0.8

vendor: microsoft, model: windows xp, scope: eq, version: sp3

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 3.0.4

Trust: 0.6

vendor: apple, model: safari, scope: eq, version: 3.1.1b

Trust: 0.6

vendor: apple, model: safari, scope: eq, version: 3.1.0

Trust: 0.6

vendor: apple, model: safari, scope: eq, version: 3.0.4b

Trust: 0.6

vendor: apple, model: safari, scope: eq, version: 3.1.0b

Trust: 0.6

vendor: microsoft, model: windows xp home sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows vista business 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows vista edition, scope: eq, version: x640

Trust: 0.3

vendor: nortel, model: networks contact center express, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition, scope: eq, version: 20080

Trust: 0.3

vendor: microsoft, model: windows vista business 64-bit edition, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows professional sp1, scope: eq, version: 2000

Trust: 0.3

vendor: nortel, model: networks contact center, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: microsoft, model: windows vista enterprise 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server sp1, scope: eq, version: 2003

Trust: 0.3

vendor: nortel, model: networks callpilot 1002rp, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp professional, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition sp1 beta, scope: eq, version: 20031

Trust: 0.3

vendor: microsoft, model: windows advanced server, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows xp media center edition sp3, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition itanium, scope: eq, version: 20030

Trust: 0.3

vendor: microsoft, model: windows xp tablet pc edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows vista home basic, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: microsoft, model: windows xp professional edition, scope: eq, version: x64

Trust: 0.3

vendor: microsoft, model: windows xp tablet pc edition, scope: -, version: -

Trust: 0.3

vendor: nortel, model: networks callpilot 1005r, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows vista sp1, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: microsoft, model: windows server for 32-bit systems, scope: eq, version: 20080

Trust: 0.3

vendor: microsoft, model: internet explorer, scope: eq, version: 7.0

Trust: 0.3

vendor: microsoft, model: windows xp professional edition sp2, scope: eq, version: x64

Trust: 0.3

vendor: microsoft, model: windows xp 64-bit edition, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition sp2, scope: eq, version: 2003x64

Trust: 0.3

vendor: microsoft, model: windows server web edition sp2, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition itanium sp1, scope: eq, version: 2003

Trust: 0.3

vendor: nortel, model: networks callpilot 600r, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server standard edition sp1 beta, scope: eq, version: 20031

Trust: 0.3

vendor: microsoft, model: windows server sp3, scope: eq, version: 2000

Trust: 0.3

vendor: avaya, model: messaging application server mm, scope: eq, version: 3.0

Trust: 0.3

vendor: avaya, model: messaging application server, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows server standard edition sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows xp media center edition, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp tablet pc edition sp3, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp media center edition sp2, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 0.3

vendor: microsoft, model: windows vista, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows vista home premium sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server sp2, scope: eq, version: 2003x64

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 3.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1

Trust: 0.3

vendor: microsoft, model: windows xp professional sp3, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition itanium, scope: eq, version: 20030

Trust: 0.3

vendor: avaya, model: messaging application server mm, scope: eq, version: 3.1

Trust: 0.3

vendor: microsoft, model: windows vista home premium 64-bit edition, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows vista ultimate 64-bit edition, scope: eq, version: 0

Trust: 0.3

vendor: nortel, model: networks contact center manager, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition sp1 beta, scope: eq, version: 20031

Trust: 0.3

vendor: microsoft, model: windows vista enterprise 64-bit edition, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition release candidate, scope: eq, version: 2008

Trust: 0.3

vendor: microsoft, model: windows datacenter server sp3, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows server web edition sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server standard edition release candidate, scope: eq, version: 2008

Trust: 0.3

vendor: microsoft, model: windows xp tablet pc edition sp2, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition itanium sp1 beta, scope: eq, version: 20031

Trust: 0.3

vendor: microsoft, model: windows server sp4, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows advanced server sp4, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows advanced server sp3, scope: eq, version: 2000

Trust: 0.3

vendor: avaya, model: messaging application server mm, scope: eq, version: 2.0

Trust: 0.3

vendor: microsoft, model: windows server sp1, scope: eq, version: 2003x64

Trust: 0.3

vendor: microsoft, model: windows vista edition sp1, scope: eq, version: x64

Trust: 0.3

vendor: microsoft, model: windows vista home basic 64-bit edition, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition itanium sp1 beta, scope: eq, version: 20031

Trust: 0.3

vendor: nortel, model: networks contact center multimedia, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 3.1.1

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows datacenter server sp4, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows vista home basic 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows datacenter server, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows xp professional sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows professional sp3, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows vista enterprise, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp professional edition sp3, scope: eq, version: x64

Trust: 0.3

vendor: nortel, model: networks contact center manager server, scope: eq, version: 0

Trust: 0.3

vendor: microsoft, model: windows server standard edition, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows vista ultimate sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server itanium sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server sp2, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition, scope: eq, version: 20080

Trust: 0.3

vendor: microsoft, model: windows vista home premium 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition, scope: eq, version: 2003x64

Trust: 0.3

vendor: microsoft, model: windows advanced server sp2, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows vista business sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server standard edition, scope: eq, version: 20080

Trust: 0.3

vendor: avaya, model: messaging application server mm, scope: eq, version: 1.1

Trust: 0.3

vendor: microsoft, model: windows vista ultimate, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server standard edition sp2, scope: eq, version: 2003

Trust: 0.3

vendor: nortel, model: networks callpilot 703t, scope: -, version: -

Trust: 0.3

vendor: nortel, model: networks callpilot 201i, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows datacenter server sp2, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows xp home, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows vista home premium, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server web edition, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows professional sp2, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows server sp2, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows professional, scope: eq, version: 2000

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: microsoft, model: windows xp media center edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows advanced server sp1, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows professional sp4, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows server for itanium-based systems, scope: eq, version: 20080

Trust: 0.3

vendor: microsoft, model: windows vista business, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server itanium, scope: eq, version: 20030

Trust: 0.3

vendor: microsoft, model: windows xp professional sp2, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp home sp2, scope: -, version: -

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: microsoft, model: windows vista home basic sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows xp 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server for x64-based systems, scope: eq, version: 20080

Trust: 0.3

vendor: microsoft, model: windows xp 64-bit edition version sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows vista ultimate 64-bit edition sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition release candidate, scope: eq, version: 2008

Trust: 0.3

vendor: microsoft, model: windows server itanium sp2, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows datacenter server sp1, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows xp home sp3, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server sp1, scope: eq, version: 2000

Trust: 0.3

vendor: microsoft, model: windows vista enterprise sp1, scope: -, version: -

Trust: 0.3

vendor: microsoft, model: windows server enterprise edition, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows xp 64-bit edition version, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server datacenter edition itanium sp1, scope: eq, version: 2003

Trust: 0.3

vendor: microsoft, model: windows server, scope: eq, version: 2000

Trust: 0.3

vendor: nortel, model: networks contact center administration, scope: eq, version: 0

Trust: 0.3

sources: BID: 29445 // JVNDB: JVNDB-2008-001419 // CNNVD: CNNVD-200806-055 // NVD: CVE-2008-2540

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-2540
value: HIGH

Trust: 1.0

NVD: CVE-2008-2540
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200806-055
value: CRITICAL

Trust: 0.6

VULHUB: VHN-32665
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-2540
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-32665
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-32665 // JVNDB: JVNDB-2008-001419 // CNNVD: CNNVD-200806-055 // NVD: CVE-2008-2540

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-32665 // JVNDB: JVNDB-2008-001419 // NVD: CVE-2008-2540

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200806-055

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200806-055

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001419

PATCH

title: Safari 3.1.2, url: http://support.apple.com/kb/HT2092

Trust: 0.8

title: Safari 3.1.2, url: http://support.apple.com/kb/HT2092?locale=ja_JP

Trust: 0.8

title: 953818, url: http://www.microsoft.com/technet/security/advisory/953818.mspx

Trust: 0.8

title: MS09-014, url: http://www.microsoft.com/technet/security/bulletin/MS09-014.mspx

Trust: 0.8

title: MS09-015, url: http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx

Trust: 0.8

title: 953818, url: http://www.microsoft.com/japan/technet/security/advisory/953818.mspx

Trust: 0.8

title: MS09-014, url: http://www.microsoft.com/japan/technet/security/bulletin/MS09-014.mspx

Trust: 0.8

title: MS09-015, url: http://www.microsoft.com/japan/technet/security/bulletin/MS09-015.mspx

Trust: 0.8

title: MS09-015e, url: http://www.microsoft.com/japan/security/bulletins/MS09-015e.mspx

Trust: 0.8

title: MS09-014e, url: http://www.microsoft.com/japan/security/bulletins/MS09-014e.mspx

Trust: 0.8

title: TA09-104A, url: http://software.fujitsu.com/jp/security/vulnerabilities/ta09-104a.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-001419

EXTERNAL IDS

db: NVD, id: CVE-2008-2540

Trust: 2.8

db: BID, id: 29445

Trust: 2.8

db: USCERT, id: TA09-104A

Trust: 2.6

db: SECTRACK, id: 1020150

Trust: 2.5

db: SECUNIA, id: 30467

Trust: 1.8

db: SECTRACK, id: 1022047

Trust: 1.7

db: VUPEN, id: ADV-2009-1029

Trust: 1.7

db: VUPEN, id: ADV-2008-1706

Trust: 1.7

db: VUPEN, id: ADV-2009-1028

Trust: 1.7

db: XF, id: 42765

Trust: 1.4

db: USCERT, id: SA09-104A

Trust: 0.8

db: JVNDB, id: JVNDB-2008-001419

Trust: 0.8

db: CNNVD, id: CNNVD-200806-055

Trust: 0.7

db: MS, id: MS09-015

Trust: 0.6

db: CERT/CC, id: TA09-104A

Trust: 0.6

db: APPLE, id: APPLE-SA-2008-06-19

Trust: 0.6

db: VULHUB, id: VHN-32665

Trust: 0.1

db: PACKETSTORM, id: 66926

Trust: 0.1

db: PACKETSTORM, id: 76655

Trust: 0.1

sources: VULHUB: VHN-32665 // BID: 29445 // JVNDB: JVNDB-2008-001419 // PACKETSTORM: 66926 // PACKETSTORM: 76655 // CNNVD: CNNVD-200806-055 // NVD: CVE-2008-2540

REFERENCES

url:http://www.securityfocus.com/bid/29445

Trust: 2.5

url:http://www.us-cert.gov/cas/techalerts/ta09-104a.html

Trust: 2.5

url:http://securitytracker.com/id?1020150

Trust: 2.5

url:http://www.microsoft.com/technet/security/advisory/953818.mspx

Trust: 2.1

url:http://support.avaya.com/elmodocs2/security/asa-2009-133.htm

Trust: 2.0

url:http://aviv.raffon.net/2008/05/31/safaripwnsinternetexplorer.aspx

Trust: 2.0

url:http://blogs.zdnet.com/security/?p=1230

Trust: 2.0

url:http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html

Trust: 2.0

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=871138

Trust: 1.9

url:http://lists.apple.com/archives/security-announce/2008//jun/msg00001.html

Trust: 1.7

url:http://www.securitytracker.com/id?1022047

Trust: 1.7

url:http://secunia.com/advisories/30467

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1028

Trust: 1.7

url:http://www.vupen.com/english/advisories/2009/1029

Trust: 1.7

url:http://www.frsirt.com/english/advisories/2008/1706

Trust: 1.4

url:http://xforce.iss.net/xforce/xfdb/42765

Trust: 1.4

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014

Trust: 1.1

url:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a5782

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6108

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8509

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/1706

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/42765

Trust: 1.1

url:http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2540

Trust: 0.8

url:http://www.jpcert.or.jp/at/2009/at090007.txt

Trust: 0.8

url:http://jvn.jp/cert/jvnta09-104a/index.html

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-2540

Trust: 0.8

url:http://www.us-cert.gov/cas/alerts/sa09-104a.html

Trust: 0.8

url:http://www.cyberpolice.go.jp/#topics

Trust: 0.8

url:http://blogs.technet.com/srd/archive/2009/04/14/ms09-014-addressing-the-safari-carpet-bomb-vulnerability.aspx

Trust: 0.3

url:http://support.avaya.com/elmodocs2/security/asa-2009-138.htm

Trust: 0.3

url:http://www.microsoft.com/technet/security/bulletin/ms09-014.mspx

Trust: 0.3

url:http://support.nortel.com/go/main.jsp?cscat=bltndetail&id=871138

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/22/

Trust: 0.1

url:http://secunia.com/advisories/30467/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/16/

Trust: 0.1

url:http://secunia.com/product/13223/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://secunia.com/product/17978/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.us-cert.gov/cas/techalerts/ta09-104a.html

Trust: 0.1

url:http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx

Trust: 0.1

url:http://www.us-cert.gov/cas/signup.html

Trust: 0.1

url:http://www.us-cert.gov/legal.html

Trust: 0.1

url:http://technet.microsoft.com/en-us/wsus/default.aspx

Trust: 0.1

sources: VULHUB: VHN-32665 // BID: 29445 // JVNDB: JVNDB-2008-001419 // PACKETSTORM: 66926 // PACKETSTORM: 76655 // CNNVD: CNNVD-200806-055 // NVD: CVE-2008-2540

CREDITS

Nitesh Dhanjani

Trust: 0.6

sources: CNNVD: CNNVD-200806-055

SOURCES

db: VULHUB, id: VHN-32665
db: BID, id: 29445
db: JVNDB, id: JVNDB-2008-001419
db: PACKETSTORM, id: 66926
db: PACKETSTORM, id: 76655
db: CNNVD, id: CNNVD-200806-055
db: NVD, id: CVE-2008-2540

LAST UPDATE DATE

2024-11-23T19:42:02.923000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-32665, date: 2018-10-12T00:00:00
db: BID, id: 29445, date: 2009-04-20T22:46:00
db: JVNDB, id: JVNDB-2008-001419, date: 2009-05-15T00:00:00
db: CNNVD, id: CNNVD-200806-055, date: 2011-07-15T00:00:00
db: NVD, id: CVE-2008-2540, date: 2024-11-21T00:47:06.657

SOURCES RELEASE DATE

db: VULHUB, id: VHN-32665, date: 2008-06-03T00:00:00
db: BID, id: 29445, date: 2008-05-30T00:00:00
db: JVNDB, id: JVNDB-2008-001419, date: 2008-06-27T00:00:00
db: PACKETSTORM, id: 66926, date: 2008-06-03T18:08:05
db: PACKETSTORM, id: 76655, date: 2009-04-15T00:10:24
db: CNNVD, id: CNNVD-200806-055, date: 2008-05-30T00:00:00
db: NVD, id: CVE-2008-2540, date: 2008-06-03T15:32:00