PT-2007-5605 · Apple · Safari

Published: 2007-08-18 · Updated: 2018-10-15 · CVE-2007-4424

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Apple Safari for Windows versions 3.0.3 and earlier

Description: The issue allows remote attackers to download arbitrary files to the desktop of a client system via certain HTML, as demonstrated by a filename in the DATA attribute of an OBJECT element. This occurs because the browser does not prompt the user before downloading a file.

Recommendations: For Apple Safari for Windows versions 3.0.3 and earlier, consider configuring the browser to prompt users before saving files, or avoid using the browser to access untrusted websites until a fix is available. As a temporary workaround, consider restricting the use of the OBJECT element with the DATA attribute to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2007-4424

Affected products

Safari