Vulnerability Description
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
CVSS Score
9.3
HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Safari | <= 4.0.4 |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlVendor Advisory
- http://support.apple.com/kb/HT4070Vendor Advisory
- http://www.securityfocus.com/bid/38671Patch
- http://www.securitytracker.com/id?1023706
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.htmlVendor Advisory
- http://support.apple.com/kb/HT4070Vendor Advisory
- http://www.securityfocus.com/bid/38671Patch
- http://www.securitytracker.com/id?1023706
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2010-0045?
CVE-2010-0045 is a vulnerability with a CVSS score of 9.3 (HIGH). Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
How severe is CVE-2010-0045?
CVE-2010-0045 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-0045?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Safari, Microsoft Windows.