CVE-2007-4431 - Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to

CVE-2007-4431

Summary

Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and earlier allows remote attackers to bypass the Same Origin Policy, with access from local zones to external domains, via a certain body.innerHTML property value, aka "classic JavaScript frame hijacking."

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.0b:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.1b:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:-:windows:*:*:*:*:*
cpe:2.3:a:apple:safari:3.0.2b:-:windows:*:*:*:*:*

CVSS

Base:	6.8 (as of 15-11-2008 - 06:57)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	25355
misc	http://sla.ckers.org/forum/read.php?3,14151 http://www.0x000000.com/index.php?i=420 http://www.thespanner.co.uk/2007/08/17/safari-beta-zero-day/
osvdb	46720

Last major update

15-11-2008 - 06:57

Published

20-08-2007 - 19:17

Last modified

15-11-2008 - 06:57