Apple Safari up to 3.1.1 on Windows Download Auto Launcher access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.0 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Apple Safari up to 3.1.1 on Windows. Affected is an unknown function of the component Download Auto Launcher. This manipulation causes access control. The identification of this vulnerability is CVE-2008-2306. There is no exploit available. It is advisable to upgrade the affected component.
Details
A vulnerability has been found in Apple Safari up to 3.1.1 on Windows (Web Browser) and classified as critical. Affected by this vulnerability is an unknown functionality of the component Download Auto Launcher. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-264. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
The bug was discovered 06/19/2008. The weakness was shared 06/20/2008 by Will Dormann with CERT/CC as HT2092 as confirmed advisory (Website). It is possible to read the advisory at support.apple.com. This vulnerability is known as CVE-2008-2306 since 05/18/2008. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $100k and more. The vulnerability scanner Nessus provides a plugin with the ID 33226 (Safari < 3.1.2 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 115816 (Apple Safari Multiple Vulnerabilities (APPLE-SA-2008-06-19)).
Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at support.apple.com. The best possible mitigation is suggested to be upgrading to the latest version.
The vulnerability is also documented in the databases at X-Force (43219), Tenable (33226), SecurityFocus (BID 29835†), OSVDB (46501†) and Secunia (SA30775†). The entries VDB-3738 and VDB-3740 are related to this item. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.apple.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.0
VulDB Base Score: 10.0
VulDB Temp Score: 9.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 33226
Nessus Name: Safari < 3.1.2 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
OpenVAS ID: 900002
OpenVAS Name: Apple Safari for Windows Multiple Vulnerabilities July-08
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Patch: support.apple.com
Timeline
05/18/2008 🔍06/19/2008 🔍
06/19/2008 🔍
06/19/2008 🔍
06/19/2008 🔍
06/20/2008 🔍
06/20/2008 🔍
06/20/2008 🔍
06/20/2008 🔍
06/23/2008 🔍
06/23/2008 🔍
07/25/2024 🔍
Sources
Vendor: apple.comAdvisory: HT2092
Researcher: Will Dormann
Organization: CERT/CC
Status: Confirmed
CVE: CVE-2008-2306 (🔍)
GCVE (CVE): GCVE-0-2008-2306
GCVE (VulDB): GCVE-100-3739
CERT: 🔍
X-Force: 43219
SecurityFocus: 29835 - Apple Safari Automatic File Launch Remote Code Execution Vulnerability
Secunia: 30775
OSVDB: 46501 - Apple Safari for Windows URLACTION_SHELL_EXECUTE_HIGHRISK IE Zone Setting Restriction Bypass
SecurityTracker: 1020329
Vulnerability Center: 18653 - Apple Safari Automatically Launches Files from Internet Explorer Trusted Zone, Medium
Vupen: ADV-2008-1882
See also: 🔍
Entry
Created: 06/20/2008 12:01Updated: 07/25/2024 15:14
Changes: 06/20/2008 12:01 (96), 08/12/2019 06:09 (1), 07/25/2024 15:14 (17)
Complete: 🔍
Cache ID: 216::103
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.