CVE-2010-1805 : Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users

Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 on Windows allows local users to gain privileges via a Trojan horse explorer.exe (aka Windows Explorer) program in a directory containing a file that had been downloaded by Safari.

Published 2010-09-10 19:00:02

Updated 2017-09-19 01:30:51

Source Apple Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2010-1805

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2010-1805

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2010-1805

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2010-1805

http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html

Apple - Lists.apple.com
Vendor Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11956

Repository / Oval Repository
http://support.apple.com/kb/HT4333

About the security content of Safari 5.0.2 and Safari 4.1.2 - Apple Support
Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/43048

Apple Safari Search Path Arbitrary Code Execution Vulnerability
Patch

Products affected by CVE-2010-1805

Apple » Safari » Version: 4.0.0b
cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0
cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0.1
cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0.2
cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0.3
cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0.4
cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.1
cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 5.0.1
cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 5.0
cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows
Apple » Safari » Version: 4.0.5
cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
Matching versions
When used together with: Microsoft » Windows

Vulnerability Details : CVE-2010-1805

Exploit prediction scoring system (EPSS) score for CVE-2010-1805

CVSS scores for CVE-2010-1805

CWE ids for CVE-2010-1805

References for CVE-2010-1805

Products affected by CVE-2010-1805