Published: 12/06/2007 Updated: 16/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Apple Safari Beta 3.0.1 for Windows allows remote malicious users to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari 3.0
apple safari 3.0.1
apple safari 2.0.1
apple safari 2.0.2
apple safari 2.0.3
apple safari 2.0.4
apple safari
apple safari 2.0

source: wwwsecurityfocuscom/bid/24434/info Apple Safari for Windows is prone to a protocol handler command-injection vulnerability Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler This specific vulnerability relies on the use of IFRAM ...

CWE-264 http://lists.grok.org.uk/pipermail/full-disclosure/2007-June/063926.html http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours http://www.securityfocus.com/bid/24434 http://larholm.com/2007/06/14/safari-301-released/http://lists.apple.com/archives/security-announce/2007/Jun/msg00000.html http://www.securitytracker.com/id?1018224 http://www.vupen.com/english/advisories/2007/2192 http://osvdb.org/38542 https://exchange.xforce.ibmcloud.com/vulnerabilities/34824 http://www.securityfocus.com/archive/1/471176/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/30176/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-3186

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect