Details of VAR-200708-0310

ID

VAR-200708-0310

CVE

CVE-2007-4424

TITLE

Apple Safari Vulnerable to arbitrary file download on the client system desktop

Trust: 0.8

sources: JVNDB: JVNDB-2007-002522

DESCRIPTION

Apple Safari for Windows 3.0.3 and earlier does not prompt the user before downloading a file, which allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. NOTE: it could be argued that this is not a vulnerability because a dangerous file is not actually launched, but as of 2007, it is generally accepted that web browsers should prompt users before saving dangerous content. Safari For Windows is prone to a remote security vulnerability. arbitrary files

Trust: 1.98

sources: NVD: CVE-2007-4424 // JVNDB: JVNDB-2007-002522 // BID: 85433 // VULHUB: VHN-27786

AFFECTED PRODUCTS

vendor:	apple	model:	safari	scope:	lte	version:	3.0.3	Trust: 1.0
vendor:	apple	model:	safari	scope:	lte	version:	windows edition 3.0.3	Trust: 0.8
vendor:	apple	model:	safari	scope:	eq	version:	3.0.3	Trust: 0.6
vendor:	apple	model:	safari for windows windows	scope:	eq	version:	3.0.3	Trust: 0.3

sources: BID: 85433 // JVNDB: JVNDB-2007-002522 // CNNVD: CNNVD-200708-293 // NVD: CVE-2007-4424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4424
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4424
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-293
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27786
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4424
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27786
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27786 // JVNDB: JVNDB-2007-002522 // CNNVD: CNNVD-200708-293 // NVD: CVE-2007-4424

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-293

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200708-293

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002522

PATCH

title:

Top Page

url:

http://www.apple.com/safari/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002522

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4424	Trust: 2.8
db:	SECTRACK	id:	1018575	Trust: 2.0
db:	SREASON	id:	3022	Trust: 2.0
db:	JVNDB	id:	JVNDB-2007-002522	Trust: 0.8
db:	BUGTRAQ	id:	20070820 RE: RE: SAFARI FOR WINDOWS REMOTE ARBITRY FILE UPLOAD	Trust: 0.6
db:	BUGTRAQ	id:	20070811 SAFARI FOR WINDOWS REMOTE ARBITRY FILE UPLOAD	Trust: 0.6
db:	BUGTRAQ	id:	20070815 RE: SAFARI FOR WINDOWS REMOTE ARBITRY FILE UPLOAD	Trust: 0.6
db:	CNNVD	id:	CNNVD-200708-293	Trust: 0.6
db:	BID	id:	85433	Trust: 0.4
db:	VULHUB	id:	VHN-27786	Trust: 0.1

sources: VULHUB: VHN-27786 // BID: 85433 // JVNDB: JVNDB-2007-002522 // CNNVD: CNNVD-200708-293 // NVD: CVE-2007-4424

REFERENCES

url:	http://www.securitytracker.com/id?1018575	Trust: 2.0
url:	http://securityreason.com/securityalert/3022	Trust: 2.0
url:	http://www.securityfocus.com/archive/1/476675/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/476690/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/477180/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/476690/100/0/threaded	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/476675/100/0/threaded	Trust: 0.9
url:	http://www.securityfocus.com/archive/1/archive/1/477180/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4424	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4424	Trust: 0.8

sources: VULHUB: VHN-27786 // BID: 85433 // JVNDB: JVNDB-2007-002522 // CNNVD: CNNVD-200708-293 // NVD: CVE-2007-4424

CREDITS

Unknown

Trust: 0.3

sources: BID: 85433

SOURCES

db:	VULHUB	id:	VHN-27786
db:	BID	id:	85433
db:	JVNDB	id:	JVNDB-2007-002522
db:	CNNVD	id:	CNNVD-200708-293
db:	NVD	id:	CVE-2007-4424

LAST UPDATE DATE

2025-04-10T23:25:04.082000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27786	date:	2018-10-15T00:00:00
db:	BID	id:	85433	date:	2007-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2007-002522	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-293	date:	2007-08-22T00:00:00
db:	NVD	id:	CVE-2007-4424	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27786	date:	2007-08-18T00:00:00
db:	BID	id:	85433	date:	2007-08-18T00:00:00
db:	JVNDB	id:	JVNDB-2007-002522	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200708-293	date:	2007-08-18T00:00:00
db:	NVD	id:	CVE-2007-4424	date:	2007-08-18T22:17:00