=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN193
_____________________________________________________________________

DATE                      : 02/06/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP SP2, Windows XP Professional
                               x64 Edition, Windows Vista running Safari.

======================================================================
http://www.microsoft.com/technet/security/advisory/953818.mspx
______________________________________________________________________

Microsoft Security Advisory (953818)

Blended Threat from Combined Attack Using Apple’s Safari on the Windows
Platform

Published: May 30, 2008

Microsoft is investigating new public reports of a blended threat that
allows remote code execution on all supported versions of Windows XP and
Windows Vista when Apple’s Safari for Windows has been installed.
Safari is not installed with Windows XP or Windows Vista by default; it
must be installed independently or through the Apple Software Update
application. Customers running Safari on Windows should review this
advisory.

At the present time, Microsoft is unaware of any attacks attempting to
exploit this blended threat. Upon completion of this investigation,
Microsoft will take the appropriate measures to protect our customers.
This may include providing a solution through a service pack, the
monthly update process, or an out-of-cycle security update, depending on
customers needs.

Mitigating Factors:

Customers who have changed the default location where Safari downloads
content to the local drive are not affected by this blended threat.

======================================================================

           =========================================================
           Les serveurs de référence du CERT-Renater
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================