HTTP: Apple Safari for Windows and Internet Explorer Combined Code Execution
This signature detects attempts to exploit a known vulnerability against Apple Safari and Internet Explorer for Windows. A successful attack can lead to arbitrary code execution.
Extended Description
A vulnerability in Apple Safari on the Microsoft Windows operating system stems from a combination of security issues in Safari and all versions of Windows XP and Vista that will allow executables to be downloaded to a user's computer and run without prompting. A vulnerability in Safari, known as the 'carpet-bombing' issue reported by Nitesh Dhanjani, allows an attacker to silently place malicious DLL files on a victim's computer. A problem in Internet Explorer, reported in December of 2006 by Aviv Raff, can then be used to run those malicious DLLs. An attacker can exploit this issue by tricking a victim into visiting a malicious page with Safari; the malicious files will run when the victim starts Internet Explorer.
Affected Products
Avaya messaging_application_server,Apple safari
Short Name
HTTP:STC:SAFARI-IE-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2008-2540 Code Combined Execution Explorer Internet Safari Windows and bid:29445 for
Release Date
10/05/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3339
False Positive
Unknown
Vendors
Nortel_networks
Avaya
Microsoft
Apple
CVSS Score
9.3