Update Protection against Apple Safari for Windows and Internet Explorer Combined Code Execution Vulnerability
| Check Point Reference: | CPAI-2010-216 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Advisory (953818) | |
| Industry Reference(s): | CVE-2008-2540 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Apple Safari For Windows 3.1.1 and Prior | ||
| Vulnerability Description A cross application vulnerability has been discovered in Apple Safari on Windows when residing on a system with Microsoft Internet Explorer installed. Safari is a web browsing application developed by Apple. A remote attacker could exploit this issue by convincing a user to open a maliciously crafted HTML, which may allow the attacker to execute arbitrary code on the affected system. |
||
|
Vulnerability Details A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a user's machine without prompting, allowing them to be executed. An attacker could trick users into visiting a specially crafted Web site that could download content to a user's machine and execute the content locally. Successful exploitation of this vulnerability will allow an attacker to take complete control of the affected system. |
Protection Overview
This protection will detect and block attempts to exploit this vulnerability.
In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense,go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.