Signature Detail

HTTP: Apple Safari File URI Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Apple Safari. A successful attack can lead to arbitrary code execution.

Extended Description

Safari is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Versions prior to Safari 5.1.1 are vulnerable. NOTE: This issue was previously covered in BID 50089(Apple Safari Prior to 5.1.1 Multiple Security Vulnerabilities) but has been given its own record to better document it.

Affected Products

• Apple Safari 4
• Apple Safari 4.0
• Apple Safari 4.0.1
• Apple Safari 4.0.2
• Apple Safari 4.0.3
• Apple Safari 4.0.4
• Apple Safari 4.0.5
• Apple Safari 4.0 Beta
• Apple Safari 4.1
• Apple Safari 4.1.1
• Apple Safari 4.1.2
• Apple Safari 4.1.3
• Apple Safari 4 Beta
• Apple Safari 5.0
• Apple Safari 5.0.1
• Apple Safari 5.0.2
• Apple Safari 5.0.3
• Apple Safari 5.0.4
• Apple Safari 5.0.5
• Apple Safari 5.0.6
• Apple Safari 5.1

References

• BugTraq: 50162
• CVE: CVE-2011-3230
• URL: http://www.apple.com/safari/download/