Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
Published 2011-10-14 10:55:09
Updated 2017-08-29 01:30:07
Source Apple Inc.
Vulnerability category: Execute code

Products affected by CVE-2011-3230

Exploit prediction scoring system (EPSS) score for CVE-2011-3230

93.13%: probability of exploitation activity in the next 30 days
~99%: percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2011-3230

  • Apple Safari file:// Arbitrary Code Execution
    Disclosure Date: 2011-10-12
    First seen: 2020-04-26
    exploit/osx/browser/safari_file_policy
    This module exploits a vulnerability found in Apple Safari on OS X platform. A policy issue in the handling of file:// URLs may allow arbitrary remote code execution under the context of the user. In order to trigger arbitrary remote code execution, the best way

CVSS scores for CVE-2011-3230

| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |

CWE ids for CVE-2011-3230

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3230
