CVE-2007-3186

Published: Jun 12, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours

x_refsource_MISC

20070612 Safari for Windows, 0day URL protocol handler command injection

mailing-list

x_refsource_BUGTRAQ

38542

vdb-entry

x_refsource_OSVDB

safari-urlprotocol-command-execution(34824)

vdb-entry

x_refsource_XF

ADV-2007-2192

vdb-entry

x_refsource_VUPEN

24434

vdb-entry

x_refsource_BID

20070612 Safari for Windows, 0day URL protocol handler command injection

mailing-list

x_refsource_FULLDISC

1018224

vdb-entry

x_refsource_SECTRACK

http://larholm.com/2007/06/14/safari-301-released/

x_refsource_MISC

APPLE-SA-2007-06-14

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-3186

Description

Affected Products

References