Two vulnerabilities have been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.
1) The problem is that the "help" URI handler allows execution of arbitrary local scripts (.scpt) via the classic directory traversal character sequence using "help:runscript".
2) It is also possible to silently place arbitrary files in a known location, including script files, on a user's system using the "disk" URI handler. Files on disk images can be executed without using the "help" URI handler.
Various variants of the URI handler vulnerabilities are currently being discussed.
This has been confirmed on Macintosh OS X using Safari 1.2.1 (v125.1) and Internet Explorer 5.2. Other browsers and applications supporting URI handlers may also be used as attack vectors.
NOTE: The rating has been upgraded to "Extremely Critical" because the issues are very easy to exploit and a large number of working exploits are available.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Mac OS X URI Handler Arbitrary Code Execution
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.