Secunia
Login
|
|
|
|
|
|
|
|
|
Mac OS X URI Handler Arbitrary Code Execution
Release Date: 2004-05-17 Last Update: 2004-05-22 Views: 133,491
Secunia Advisory SA11622
Where:
From remote
Impact:
System access,
Solution Status:
Vendor Patch
CVE Reference(s):
Description
Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.
1) The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using "help:runscript".
2) It is also possible to silently place arbitrary files in a known location, including script files, on a user's system using the "disk" URI handler. Files on disk images can be executed without using the "help" URI handler.
Various variants of the URI handler vulnerabilities are currently being discussed.
This has been confirmed on Macintosh OS X using Safari 1.2.1 (v125.1) and Internet Explorer 5.2. Other browsers and applications supporting URI handlers may also be used as attack vectors.
NOTE: The rating has been upgraded to "Extremely Critical" because the issues are very easy to exploit and a large number of working exploits are available.
Solution:
Apple has issued patches:
Further details available to Secunia VIM customers
Provided and/or discovered by:
Various persons and web sites has reported and discussed these issues.
Apple credits lixlpixel and René Puls with the discovery of these issues.
Original Advisory:
http://fundisom.com/owned/warning
Deep Links:
Links available to Secunia VIM customers
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com
Subject: Mac OS X URI Handler Arbitrary Code Execution
|
No posts yet |
|
You must be logged in to post a comment. |
