1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Safari IE Remote Code Exec

HTTP Safari IE Remote Code Exec

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempt to exploit a remote code execution by opening specially crafted pages in Safari bowser and then launching IE.

Additional Information

A vulnerability has been reported that occurs in Apple Safari on the Microsoft Windows operating system. The issue is due to a combination of security issues in Apple Safari and all versions of Microsoft XP and Vista that will allow executables to be downloaded to a user's computer and executed without prompting.

Microsoft has stated that the issue occurs when the download location for content in Safari is set to the Microsoft Windows desktop.

An attack can occur when Safari is used to visit a malicious web page. A successful attack would result in execution of a malicious executable in the context of the currently logged in user.

Third-party sources have indicated that the vulnerability in Apple Safari is the "carpet-bombing" issue reported by Nitesh Dhanjani. If the issue is exploited, attacked-specified content is downloaded to the user's desktop without prompting. However, the Safari issue alone does not let an attacker execute the content. It is speculated that an additional issue in Microsoft Windows can be exploited in tandem with this issue to result in execution of the content that is downloaded to the user's desktop.

This vulnerability may be split into multiple BIDs to describe the issues in Safari and Microsoft Windows when more information becomes available.


Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube