CVE-2009-2027 | Vulnerability Database | Aqua Security

The Installer in Apple Safari before 4.0 on Windows allows local users to gain privileges by checking a box that specifies an immediate launch of the application after installation, related to an unspecified compression method.

Affected Software

Name	Vendor	Start Version	End Version
Safari	Apple	*	3.2.3 (including)
Safari	Apple	3.0 (including)	3.0 (including)
Safari	Apple	3.0.1 (including)	3.0.1 (including)
Safari	Apple	3.0.2 (including)	3.0.2 (including)
Safari	Apple	3.0.3 (including)	3.0.3 (including)
Safari	Apple	3.0.4 (including)	3.0.4 (including)
Safari	Apple	3.1 (including)	3.1 (including)
Safari	Apple	3.1.1 (including)	3.1.1 (including)
Safari	Apple	3.1.2 (including)	3.1.2 (including)
Safari	Apple	3.2 (including)	3.2 (including)
Safari	Apple	3.2.1 (including)	3.2.1 (including)
Safari	Apple	3.2.2 (including)	3.2.2 (including)

References

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://support.apple.com/kb/HT3613
http://www.securityfocus.com/bid/35339
https://exchange.xforce.ibmcloud.com/vulnerabilities/51290
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://support.apple.com/kb/HT3613
http://www.securityfocus.com/bid/35339
https://exchange.xforce.ibmcloud.com/vulnerabilities/51290

NVD	https://nvd.nist.gov/vuln/detail/CVE-2009-2027
CWE	https://cwe.mitre.org/data/definitions/264.html