Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-3186: Apple Safari vulnerability

CWE-2645 documents3 sources
Severity
9.3 CRITICAL (NVD)
NVD 7.5
EPSS
9.3%
top 7.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Jun 12
Latest update: May 1

Description

Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (1 package)

NVD: apple/safari, 7 versions (+6)

🔴 Vulnerability Details

2
GHSA
GHSA-2cg6-2qh8-qh5p: Multiple unspecified vulnerabilities in Apple Safari for Windows allow remote attackers to cause a denial of service or execute arbitrary code, possib (2022-05-01)
GHSA
GHSA-wq5q-28hc-6vmg: Apple Safari Beta 3 (2022-05-01)

💥 Exploits & PoCs

1
Exploit-DB
Apple Safari 3 for Windows - Protocol Handler Command Injection (2007-06-12)