Check Point Advisories

Update Protection against Apple Safari on Windows Platform Remote Code Execution Vulnerability (MS09-015)

Check Point Reference: CPAI-2008-082
Date Published: 2 Jun 2008
Severity: Critical
Last Updated: Tuesday 14 April, 2009
Source: Microsoft Security Advisory (953818)
Microsoft Security Bulletin MS09-015
Industry Reference:CVE-2008-2540
Protection Provided by:
Who is Vulnerable? Internet Explorer 6
Internet Explorer 7
Microsoft Windows XP SP2
Microsoft Windows XP SP3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Vista
Microsoft Windows Vista SP1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition SP1
Vulnerability Description A remote code execution vulnerability exists in Safari for Windows, a web browser developed by Apple. An attacker can exploit this issue to execute arbitrary code on a target system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS09-015
Vulnerability DetailsThe vulnerability is due to the combination of the default download location in Safari and how the Windows desktop handles executables. This creates a blended threat in which files may be downloaded to a machine without prompting, allowing them to be executed. A remote attacker can trigger this issue by convincing a victim to view a specially crafted Web page that could download content to a machine and execute it. Successful exploitation may allow the attacker to execute arbitrary code on the victim's system.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.