Intrusion Prevention

Apple.Safari.URL.Protocol.Handler.Command.Injection

Description

This vulnerability in Safari Beta 3 for Windows occurs due to the lack of proper input validation for the command line arguments passed to the various URL protocol handlers. It is possible to trigger this exploit without user interaction, simply by visiting a webpage.

Affected Products

Safari Beta 3 for Windows.

Impact

System Compromise, remote code execution.

Recommended Actions

Currenty we are not aware of any officially released patch or update.

CVE References

CVE-2007-3186