A new vulnerability in Safari for Windows has been confirmed by the U.S. Computer Emergency Readiness Team (US-CERT). The team said it had confirmed the exploit for the Windows version of Safari 4.0.5, but that “other versions may also be affected.”
The exploit makes it possible for the bad guys to take over your PC when the victim pulls up a maliciously crafted HTML document. The research advisory issued said, “By convincing a victim to view an HTML document (web page, HTML e-mail, or e-mail attachment) with Apple Safari, an attacker could run arbitrary code with the privileges of the user running the application.”
US-CERT attributed Krystian Kloskowski for disclosing the vulnerability.