CVE-2008-4216

Properties

Published:
16.11.2008
Updated:
17.11.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Product:
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari
apple: safari

Vulnerability description

The plug-in interface in WebKit in Apple Safari before 3.2 does not prevent plug-ins from accessing local URLs, which allows remote attackers to obtain sensitive information via vectors that "launch local files."

References:

BID: http://www.securityfocus.com/bid/32291
CONFIRM: http://support.apple.com/kb/HT3298
APPLE: http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html