PT-2008-3997 · Microsoft+1 · Windows Server 2008+7
Aviv Raff · Published 2008-06-03 · Updated 2019-02-26 · CVE-2008-2540
CVSS v2.0: 9.3 (High)
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apple Safari versions prior to 3.1.2 on Windows
Apple Safari on Mac OS X (affected versions not specified)
Internet Explorer 7 on Windows XP (affected versions not specified)
Windows XP, Vista, and Server 2003 and 2008 (affected versions not specified)
Description
The issue allows remote attackers to place malware into specific directories, which can lead to the execution of arbitrary code. This is possible due to an untrusted search path vulnerability in certain Windows components and Internet Explorer. An attacker could exploit this by convincing a user to download a specially crafted file to a specific location or by constructing a specially crafted web page. If successfully exploited, an attacker could gain the same user rights as the logged-on user, potentially taking complete control of an affected system.
Recommendations
For Apple Safari on Windows, update to version 3.1.2 or later.
For Apple Safari on Mac OS X, consider disabling the automatic download feature for unrecognized content types until a patch is available.
For Internet Explorer 7 on Windows XP, restrict access to untrusted websites and avoid opening suspicious files.
For Windows XP, Vista, and Server 2003 and 2008, consider implementing additional security measures to prevent the exploitation of the SearchPath function vulnerability, such as restricting file access permissions.
At the moment, there is no information about a newer version that contains a fix for this vulnerability in Mac OS X.
Fix
RCE
Affected Products
Internet Explorer
Mac OS X
Safari
Windows
Windows Server 2003
Windows Server 2008
Windows Vista
Windows XP