Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

Mac browsers vulnerable to hackers
From: InfoSec News <isn () c4i org>
Date: Tue, 18 May 2004 05:14:55 -0500 (CDT)
http://www.macworld.co.uk/news/main_news.cfm?NewsID=8696

By Macworld staff
May 18, 2004

Computer security firm Secunia is warning of a new security
vulnerability affecting Mac Internet browsers Safari 1.x and Internet
Explorer 5.x.

The report claims the weakness: "Potentially allows malicious Web
sites to compromise a vulnerable system".

"The problem is that the "help" URI handler allows execution of
arbitrary local scripts (.scpt) via the classic directory traversal
character sequence using 'help:runscript'", the warning explains.

This makes it possible for malicious computer users to place
"arbitrary" files (including script files) in a known location on a
user's system - but only if either browser has been set-up to open
safe files after they are downloaded. This is the default browser
setting.

Secunia recommends users switch off the latter capability in Safari's
preferences folder; that they do not go online as a "privileged user"  
and that they rename the help handler, though no instructions related
to the latter are avaiable.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org

  By Date           By Thread  

Current thread:
  • Mac browsers vulnerable to hackers InfoSec News (May 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]