Keep Track of the Latest Vulnerabilities
with SecurityTracker!

Category:   Application (Web Browser)  >   Apple Safari
Vendors:   Apple
Safari for Windows Lets Remote Users Upload Arbitrary File
SecurityTracker Alert ID:  1018575
SecurityTracker URL:
CVE Reference:   CVE-2007-4424
Updated:  Apr 24 2008
Original Entry Date:  Aug 16 2007
Impact:   Modification of user information
Exploit Included:  Yes  
Version(s): 3.0.3
Description:   A vulnerability was reported in Safari. A remote user can cause arbitrary files to be written to the target user's system without user interaction.

The Windows version of the browser downloads files automatically without user approval, including executables. The default location is the Windows Desktop.

A remote user can create HTML that, when loaded by the target user, will cause an arbitrary file to be written to the target user's desktop.

Laurent Gaffie reported this vulnerability.

Impact:   A remote user can cause arbitrary files to be written to the target user's desktop.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Access control error, State error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Safari for Windows remote arbitrary file upload

Product: Safari browser for Windows
Tested on: Last version ( 3.0.3 )
Download url :
Demo url:
Bug: Remote arbitrary file upload
Impact: Critical
Fix Available: No


1) Introduction
2) Bug
3) Proof of concept
4) Conclusion

1) Introduction

"Now you can enjoy worry-free web browsing on any computer.
Apple engineers designed Safari to be secure from day one."

2) Bug
Safari browser doesn't prompt for a download; it just downloads the file and sends it directly
to the desktop, which is totally insecure on a Windows operating system.

3) Proof of concept
( will upload a .pif directly on your desktop without any prompt ... )

4) Conclusion
Any potentially dangerous file (like .exe, .com, .pif, etc.) should be prompted for
before uploading the file.

Regards, Laurent Gaffié
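As an added example (not part of the advisory or of Gaffié's message), the check the conclusion asks for, written in Python from a defender's side: a file-type policy that decides when a download must be prompted for, plus a sweep over the default save location (the Windows Desktop) for executable files that were dropped there silently. The extension list, the `since_seconds` window and the constructed sample entries are assumptions, not values from the page.

```python
import os
import time
from pathlib import Path

# Extensions named in the conclusion (.exe, .com, .pif) plus other types the Windows
# shell runs directly. Assumed list; extend it for your environment.
DANGEROUS_EXTENSIONS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd",
                        ".vbs", ".js", ".hta", ".lnk"}


def normalize_name(filename: str) -> str:
    # Windows silently strips trailing dots and spaces when saving, so a name such as
    # "report.pif. " ends up on disk as "report.pif". Compare the name the OS will use.
    return filename.rstrip(". ").lower()


def is_dangerous(filename: str) -> bool:
    """True when the final extension, after Windows-style normalization, is executable.

    Only the last suffix matters: "invoice.pdf.pif" is a .pif file, not a PDF.
    """
    return Path(normalize_name(filename)).suffix in DANGEROUS_EXTENSIONS


def should_prompt(filename: str) -> bool:
    # The policy the advisory calls for: a silent save is acceptable only for
    # non-executable types; anything executable needs explicit user approval.
    return is_dangerous(filename)


def classify_entries(entries, now, since_seconds=300):
    """Return names of dangerous files among (name, ctime) pairs created within the window."""
    return sorted(name for name, ctime in entries
                  if is_dangerous(name) and now - ctime <= since_seconds)


def find_unprompted_drops(directory, since_seconds=300):
    """Scan a directory (e.g. the user's Desktop) for recently created executable files.

    st_ctime is the creation time on Windows; on POSIX it is the inode change time.
    """
    entries = [(e.name, e.stat().st_ctime)
               for e in os.scandir(directory) if e.is_file()]
    return classify_entries(entries, time.time(), since_seconds)


# Constructed sample: two files dropped just now, one text file, one old executable.
SAMPLE_ENTRIES = [("update.pif", 1000.0), ("invoice.pdf.pif", 1000.0),
                  ("notes.txt", 1000.0), ("old.exe", 1.0)]
```

`find_unprompted_drops(os.path.join(os.path.expanduser("~"), "Desktop"))` runs the sweep against the location the advisory names as Safari's default.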



Copyright 2017, LLC