ID

VAR-201009-0262


CVE

CVE-2010-1805


TITLE

Vulnerability in Apple Safari running on Windows that allows privileges to be gained

Trust: 0.8

sources: JVNDB: JVNDB-2010-002056

DESCRIPTION

Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari. Apple Safari for Windows is prone to an arbitrary code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate a compromise of the application and the underlying computer; other attacks are also possible. Safari is the web browser bundled by default with Apple's operating systems.

Trust: 1.98

sources: NVD: CVE-2010-1805 // JVNDB: JVNDB-2010-002056 // BID: 43048 // VULHUB: VHN-44410

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 5.0

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.5

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.4

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.3

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.0b

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.2

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 5.0.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4.0.1

Trust: 1.6

vendor: apple, model: safari, scope: eq, version: 4

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 5

Trust: 0.8

vendor: apple, model: safari for windows, scope: eq, version: 4.0.5

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.4

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 4.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 5.0.2

Trust: 0.3

sources: BID: 43048 // JVNDB: JVNDB-2010-002056 // CNNVD: CNNVD-201009-087 // NVD: CVE-2010-1805

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1805
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1805
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201009-087
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44410
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1805
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44410
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44410 // JVNDB: JVNDB-2010-002056 // CNNVD: CNNVD-201009-087 // NVD: CVE-2010-1805

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-44410 // JVNDB: JVNDB-2010-002056 // NVD: CVE-2010-1805

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201009-087

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201009-087

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002056

PATCH

title: HT4333, url: http://support.apple.com/kb/HT4333

Trust: 0.8

title: SafariSetup, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=34424

Trust: 0.6

title: Safari4.1.2Tiger, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=34423

Trust: 0.6

sources: JVNDB: JVNDB-2010-002056 // CNNVD: CNNVD-201009-087

EXTERNAL IDS

db: BID, id: 43048

Trust: 2.8

db: NVD, id: CVE-2010-1805

Trust: 2.8

db: JVNDB, id: JVNDB-2010-002056

Trust: 0.8

db: CNNVD, id: CNNVD-201009-087

Trust: 0.7

db: APPLE, id: APPLE-SA-2010-09-07-1

Trust: 0.6

db: NSFOCUS, id: 15732

Trust: 0.6

db: VULHUB, id: VHN-44410

Trust: 0.1

sources: VULHUB: VHN-44410 // BID: 43048 // JVNDB: JVNDB-2010-002056 // CNNVD: CNNVD-201009-087 // NVD: CVE-2010-1805

REFERENCES

url:http://www.securityfocus.com/bid/43048

Trust: 2.5

url:http://lists.apple.com/archives/security-announce/2010//sep/msg00001.html

Trust: 1.7

url:http://support.apple.com/kb/ht4333

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11956

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1805

Trust: 0.8

url:http://jvn.jp/cert/jvnvu954431

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1805

Trust: 0.8

url:http://www.nsfocus.net/vulndb/15732

Trust: 0.6

url:http://software.cisco.com/download/navigator.html?mdfid=283613663

Trust: 0.3

url:http://www.apple.com/safari/

Trust: 0.3

url:/archive/1/513573

Trust: 0.3

sources: VULHUB: VHN-44410 // BID: 43048 // JVNDB: JVNDB-2010-002056 // CNNVD: CNNVD-201009-087 // NVD: CVE-2010-1805

CREDITS

Luke Wagner, wushi

Trust: 0.6

sources: CNNVD: CNNVD-201009-087

SOURCES

db: VULHUB, id: VHN-44410
db: BID, id: 43048
db: JVNDB, id: JVNDB-2010-002056
db: CNNVD, id: CNNVD-201009-087
db: NVD, id: CVE-2010-1805

LAST UPDATE DATE

2024-11-23T20:16:35.112000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-44410, date: 2017-09-19T00:00:00
db: BID, id: 43048, date: 2010-09-09T16:22:00
db: JVNDB, id: JVNDB-2010-002056, date: 2010-09-28T00:00:00
db: CNNVD, id: CNNVD-201009-087, date: 2010-09-14T00:00:00
db: NVD, id: CVE-2010-1805, date: 2024-11-21T01:15:13.970

SOURCES RELEASE DATE

db: VULHUB, id: VHN-44410, date: 2010-09-10T00:00:00
db: BID, id: 43048, date: 2010-09-07T00:00:00
db: JVNDB, id: JVNDB-2010-002056, date: 2010-09-28T00:00:00
db: CNNVD, id: CNNVD-201009-087, date: 2010-09-14T00:00:00
db: NVD, id: CVE-2010-1805, date: 2010-09-10T19:00:01.940