CVE-2008-2306

Published: Jun 23, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.

Affected (7)

Products: Apple: Safari

1 product

Configuration A

7 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Apple Safari	Up to 3.1.1
Apple Safari	Version 3.0.1
Apple Safari	Version 3.0.2
Apple Safari	Version 3.0.3
Apple Safari	Version 3.0.4
Apple Safari	Version 3.0
Apple Safari	Version 3.1

Running on/with	Platform Versions
Microsoft Windows Vista	All versions
Microsoft Windows Xp	All versions

Related CWEs

References (12)

http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html

Source: cve@mitre.org

Patch

http://secunia.com/advisories/30775

Source: cve@mitre.org

http://www.kb.cert.org/vuls/id/127185

Source: cve@mitre.org

US Government Resource

http://www.securityfocus.com/bid/29835

Source: cve@mitre.org

http://www.securitytracker.com/id?1020329

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1882/references

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://secunia.com/advisories/30775

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/127185

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/bid/29835

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020329

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1882/references

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.