Vulnerability Description
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | < 3.1.2 |
| Microsoft | Internet Explorer | 7 |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | - |
| Microsoft | Windows Xp | - |
Related Weaknesses (CWE)
References
- http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspxThird Party Advisory
- http://blogs.zdnet.com/security/?p=1230Third Party Advisory
- http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.htmlMailing ListVendor Advisory
- http://secunia.com/advisories/30467Third Party Advisory
- http://securitytracker.com/id?1020150Third Party AdvisoryVDB Entry
- http://support.avaya.com/elmodocs2/security/ASA-2009-133.htmThird Party Advisory
- http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=871138Third Party Advisory
- http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.htmlBroken Link
- http://www.microsoft.com/technet/security/advisory/953818.mspxMitigationPatchVendor Advisory
- http://www.securityfocus.com/bid/29445Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1022047Third Party AdvisoryVDB Entry
- http://www.us-cert.gov/cas/techalerts/TA09-104A.htmlThird Party AdvisoryUS Government Resource
- http://www.vupen.com/english/advisories/2008/1706Broken Link
- http://www.vupen.com/english/advisories/2009/1028Broken Link
- http://www.vupen.com/english/advisories/2009/1029Broken Link
FAQ
What is CVE-2008-2540?
CVE-2008-2540 is a vulnerability with a CVSS score of 9.3 (HIGH). Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into ...
How severe is CVE-2008-2540?
CVE-2008-2540 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2540?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Microsoft Internet Explorer, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista.