Apple Safari自动启动可执行程序漏洞

Posted by ArtHack on Jun 25th, 2008 and filed under Notice loopholes. You can follow any responses to this entry through the RSS 2.0. You can also subscribe to us, through the Top of the E-mail - 加入超级QQ群:32843311

受影响系统:
Apple Safari <= 3.1.1
- Microsoft Windows XP SP3
- Microsoft Windows XP SP2
- Microsoft Windows Vista
不受影响系统:
Apple Safari 3.1.2
描述:
——————————————————————————–
BUGTRAQ  ID: 29835
CVE(CAN) ID: CVE-2008-2306
Safari是苹果家族操作系统中默认捆绑的WEB浏览器。
Safari处理信任站点的方式上存在漏洞,如果用户所访问的站点是Internet Explorer 7中“启动应用程序和不安全文件”设置为“启用”的站点,或Internet Explorer 6中“本地Intranet”或“可信任站点”区中的站点,则安装在Windows平台上的Safari就会自动启动从该站点所下载的可执行文件。
<*来源:Will Dormann

链接:http://support.apple.com/kb/HT2092
http://secunia.com/advisories/30775/
*>
建议:
——————————————————————————–
厂商补丁:
Apple
—–
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.apple.com/safari/download/

来源:中华安全网

Classic Posts

Related Posts

Our Sponsors

Leave a Reply

Our Sponsors

Recent Posts

Recent Comments

Tag Cloud

Premium Wordpress Themes

StudioPress
WPNOW Themes
Gabfire Themes
Solostream
WooThemes
Translator
Chinese (Simplified) flagChinese (Traditional) flagItalian flagKorean flagPortuguese flagEnglish flagGerman flagFrench flagSpanish flagJapanese flagArabic flagRussian flagGreek flagDutch flagBulgarian flagCzech flagCroat flagDanish flagFinnish flagHindi flagPolish flagRumanian flagSwedish flagNorwegian flagCatalan flagFilipino flagHebrew flagIndonesian flagLatvian flagLithuanian flagSerbian flagSlovak flagSlovenian flagUkrainian flagVietnamese flagAlbanian flagEstonian flagGalician flagMaltese flagThai flagTurkish flagHungarian flag
Log in / Art Hack.All rights reserved.