Safari < 3.1.2 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 4556


The remote host contains a web browser that is affected by several issues.


The version of Safari installed on the remote host is reportedly affected by several issues:

- An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573).
- Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable', or in an IE6 'Local intranet' / 'Trusted sites' zone (CVE-2008-2306).
- There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307).
- When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540).


Update to version 3.1.2 or higher.

Plugin Details

Severity: Medium

ID: 4556

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/19

Dependencies: 3705

Nessus ID: 33226

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 5.6

Temporal Score: 5.2

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:apple:safari

Reference Information

CVE: CVE-2008-2307, CVE-2008-2306, CVE-2008-1573, CVE-2008-2540

BID: 29835, 29445, 29513, 29836