Apple Safari Windows Installer 本地特权升级漏洞

CNNVD-ID编号	CNNVD-200906-202
CVE编号	CVE-2009-2027
发布时间	2009-06-10
更新时间	2009-06-23
漏洞类型	权限许可和访问控制
漏洞来源	Dave English of Lutnos
危险等级	高危
威胁类型	本地
厂商	apple

漏洞介绍

Windows上的Apple Safari之前的版本4.0版本中的安装软件允许本地用户通过对复选框的检查，获得特权。该文件箱会在安装后会马上运行应用程序，它与未明压缩方法有关。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Apple Safari 3 Beta for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.1 for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.0.1 Beta for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.0.2 Beta for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.0.4 Beta for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.1.1 for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.1.2 for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.2.2 for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

Apple Safari 3.2.3 for Windows

Apple SafariQuickTimeSetup.exe Safari4

http://www.apple.com/safari/download/

Apple SafariSetup.exe Safari4

http://www.apple.com/safari/download/

参考网址

来源: support.apple.com

链接：http://support.apple.com/kb/HT3613
来源: APPLE

名称: APPLE-SA-2009-06-08-1

链接：http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
来源: XF

名称: safari-installer-privilege-escalation(51290)

链接：http://xforce.iss.net/xforce/xfdb/51290

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-202

行业资讯-文章归档问答-问答归档