Thor Larholm has discovered a remote command execution vulnerability in the newly released Safari for Windows (Beta) just a day after it was released. The vulnerability is caused by Safari's failure to validate user-supplied strings before passing them as parameters to external URL protocol handlers. The vulnerability can be exploited to execute arbitrary code on a victim's computer just by making them view a malicious web page in Safari.
Some other vulnerability researchers have reportedly discovered moreremote command execution vulnerabilities in Safari. However, as of now, only the vulnerability discovered by Larholm can be independently confirmed.