ID

VAR-200804-0037


CVE

CVE-2008-1024


TITLE

Apple Safari fails to properly handle a file name

Trust: 0.8

sources: CERT/CC: VU#529441

DESCRIPTION

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption. Apple Safari is prone to a remote memory-corruption vulnerability that occurs when downloading malicious files. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft Windows XP and Windows Vista. Safari is the web browser bundled by default with Apple's operating systems.

Trust: 2.7

sources: NVD: CVE-2008-1024 // CERT/CC: VU#529441 // JVNDB: JVNDB-2008-001320 // BID: 28813 // VULHUB: VHN-31149

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 3.1

Trust: 1.3

vendor: apple, model: safari, scope: eq, version: 3

Trust: 1.3

vendor: apple computer, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: safari, scope: lt, version: version

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 3.1.1

Trust: 0.8

vendor: microsoft, model: windows vista, scope: -, version: -

Trust: 0.6

vendor: microsoft, model: windows xp, scope: -, version: -

Trust: 0.6

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.4

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.3

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.2

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3.0.1

Trust: 0.3

vendor: apple, model: safari beta for windows, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 3

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 3.1.1

Trust: 0.3

sources: CERT/CC: VU#529441 // BID: 28813 // JVNDB: JVNDB-2008-001320 // CNNVD: CNNVD-200804-272 // NVD: CVE-2008-1024

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1024
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#529441
value: 13.11

Trust: 0.8

NVD: CVE-2008-1024
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200804-272
value: MEDIUM

Trust: 0.6

VULHUB: VHN-31149
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-1024
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31149
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#529441 // VULHUB: VHN-31149 // JVNDB: JVNDB-2008-001320 // CNNVD: CNNVD-200804-272 // NVD: CVE-2008-1024

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-31149 // JVNDB: JVNDB-2008-001320 // NVD: CVE-2008-1024

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200804-272

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-200804-272

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-001320

PATCH

title: Safari 3.1.1, url: http://support.apple.com/kb/HT1467

Trust: 0.8

title: Safari 3.1.1, url: http://support.apple.com/kb/HT1467?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2008-001320

EXTERNAL IDS

db: CERT/CC, id: VU#529441

Trust: 3.6

db: NVD, id: CVE-2008-1024

Trust: 2.8

db: BID, id: 28813

Trust: 2.8

db: SECTRACK, id: 1019868

Trust: 2.5

db: VUPEN, id: ADV-2008-0979

Trust: 1.7

db: JVNDB, id: JVNDB-2008-001320

Trust: 0.8

db: CNNVD, id: CNNVD-200804-272

Trust: 0.7

db: APPLE, id: APPLE-SA-2008-04-16

Trust: 0.6

db: XF, id: 41864

Trust: 0.6

db: VULHUB, id: VHN-31149

Trust: 0.1

sources: CERT/CC: VU#529441 // VULHUB: VHN-31149 // BID: 28813 // JVNDB: JVNDB-2008-001320 // CNNVD: CNNVD-200804-272 // NVD: CVE-2008-1024

REFERENCES

url:http://www.kb.cert.org/vuls/id/529441

Trust: 2.8

url:http://www.securityfocus.com/bid/28813

Trust: 2.5

url:http://www.securitytracker.com/id?1019868

Trust: 2.5

url:http://support.apple.com/kb/ht1467

Trust: 2.0

url:http://lists.apple.com/archives/security-announce/2008/apr/msg00001.html

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0979/references

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41864

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1024

Trust: 0.8

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1024

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/41864

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

sources: CERT/CC: VU#529441 // VULHUB: VHN-31149 // BID: 28813 // JVNDB: JVNDB-2008-001320 // CNNVD: CNNVD-200804-272 // NVD: CVE-2008-1024

CREDITS

Robert Swiecki robert@swiecki.net

Trust: 0.6

sources: CNNVD: CNNVD-200804-272

SOURCES

db: CERT/CC, id: VU#529441
db: VULHUB, id: VHN-31149
db: BID, id: 28813
db: JVNDB, id: JVNDB-2008-001320
db: CNNVD, id: CNNVD-200804-272
db: NVD, id: CVE-2008-1024

LAST UPDATE DATE

2025-04-10T20:35:47.569000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#529441, date: 2008-04-18T00:00:00
db: VULHUB, id: VHN-31149, date: 2017-08-08T00:00:00
db: BID, id: 28813, date: 2008-04-18T19:17:00
db: JVNDB, id: JVNDB-2008-001320, date: 2008-05-13T00:00:00
db: CNNVD, id: CNNVD-200804-272, date: 2009-03-18T00:00:00
db: NVD, id: CVE-2008-1024, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#529441, date: 2008-04-18T00:00:00
db: VULHUB, id: VHN-31149, date: 2008-04-17T00:00:00
db: BID, id: 28813, date: 2008-04-16T00:00:00
db: JVNDB, id: JVNDB-2008-001320, date: 2008-05-13T00:00:00
db: CNNVD, id: CNNVD-200804-272, date: 2008-04-17T00:00:00
db: NVD, id: CVE-2008-1024, date: 2008-04-17T19:05:00