Signature Detail

HTTP: Apple Safari Windows Protocol Handler Command Injection

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Extended Description

Apple Safari for Windows is prone to a protocol handler command-injection vulnerability. Exploiting the issue allows remote attackers to pass arbitrary command-line arguments to any application that can be called through a protocol handler. This specific vulnerability relies on the use of IFRAME elements; attackers can do even more damage by combining it with Mozilla XPCOM components. Exploiting the issue would permit a remote attacker to influence command options that can be called through Safari protocol handlers and to compromise affected systems in the context of the vulnerable user. This issue may be related to the vulnerability discussed in BID 10406 (Apple MacOS X SSH URI Handler Remote Code Execution Vulnerability). We will update this BID as more information emerges. Note: Apple has released Safari for Windows Beta 3.0.1

Affected Products

• Apple Mobile Safari
• Apple Safari 2.0.1
• Apple Safari 2.0.2
• Apple Safari 2.0.3
• Apple Safari 2.0.4
• Apple Safari 3 Beta
• Apple Safari 3 Beta For Windows

References

• BugTraq: 24434
• CVE: CVE-2007-3186