Safari for Windows Lets Remote Users Upload Arbitrary File
SecurityTracker Alert ID: 1018575
SecurityTracker URL: http://securitytracker.com/id/1018575
CVE Reference: CVE-2007-4424
Updated: Apr 24 2008
Original Entry Date: Aug 16 2007
Impact:
Modification of user information
Exploit Included: Yes
Version(s): 3.0.3

Description:
A vulnerability was reported in Safari. A remote user can cause arbitrary files to be uploaded without user interaction.
The Windows version of the browser downloads files automatically without user approval, including executables. The default location is the Windows Desktop.
A remote user can create HTML that, when loaded by the target user, will cause an arbitrary file to be written to the target user's desktop.
Laurent Gaffie reported this vulnerability.

Impact:
A remote user can cause arbitrary files to be uploaded.

Solution:
No solution was available at the time of this entry.

Vendor URL: www.apple.com/safari

Cause:
Access control error, State error

Underlying OS: Windows (Any)

Message History:
None.

Source Message Contents

Subject: Safari for Windows remote arbitrary file upload

Product: Safari browser for Windows
Tested on: Latest version (3.0.3)
Download URL: http://www.apple.com/safari/
Demo URL: http://images.apple.com/movies/us/apple/safari/2007/wwdc/apple-safari_672x416.mov
Bug: Remote arbitrary file upload
Impact: Critical
Fix Available: No
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Conclusion
===============
1) Introduction
===============
"Now you can enjoy worry-free web browsing on any computer.
Apple engineers designed Safari to be secure from day one."
======
2) Bug
======
The Safari browser doesn't prompt for a download; it just downloads the file and sends it directly
to the desktop, which is totally insecure on a Windows operating system.
==================
3) Proof of concept
==================
http://dams083.free.fr/tmp/index.php
(will upload a .pif directly onto your desktop without any prompt ...)
=============
4) Conclusion
=============
Any potentially dangerous file (like .exe, .com, .pif, etc.) should be prompted for
before uploading the file.
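As an added example (not code from Apple or from the reporter), the following Python shows the prompting rule the conclusion asks for: derive the name the file would actually be saved under, then require explicit approval for executable types instead of auto-saving. The extension list beyond .exe/.com/.pif, the header-parsing details and the sample responses are assumptions of this example, not taken from the advisory.

```python
import re
from urllib.parse import unquote

# File types that Windows runs directly when opened. .exe/.com/.pif are the ones the
# advisory names; the rest are other well-known executable types (assumption: a real
# browser would also consult the platform's registered file handlers, not a fixed list).
DANGEROUS_EXTENSIONS = frozenset({
    "exe", "com", "pif", "scr", "bat", "cmd", "vbs", "js", "jse", "wsf", "hta", "msi", "lnk",
})

_CD_FILENAME = re.compile(r"""filename\*?=(?:UTF-8'')?"?([^";]+)"?""", re.IGNORECASE)


def filename_from_headers(headers: dict, url_path: str) -> str:
    """Name the download would be saved under: Content-Disposition first, else URL path."""
    match = _CD_FILENAME.search(headers.get("Content-Disposition", ""))
    raw = unquote(match.group(1) if match else url_path.rsplit("/", 1)[-1])
    # Keep only the final path component so a server-supplied name cannot steer the
    # save location, and drop trailing dots/spaces, which Windows silently discards
    # when it creates the file ("setup.exe." is really "setup.exe").
    return raw.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")


def effective_extension(filename: str) -> str:
    """Only the last suffix selects the Windows handler ("holiday.jpg.pif" is a .pif)."""
    if "." not in filename:
        return ""
    return filename.rsplit(".", 1)[-1].lower()


def download_decision(headers: dict, url_path: str) -> tuple:
    """Return ("prompt" | "save", resolved filename) for a response about to be saved."""
    name = filename_from_headers(headers, url_path)
    if effective_extension(name) in DANGEROUS_EXTENSIONS:
        return "prompt", name   # executable type: require explicit user approval
    return "save", name         # inert type: auto-save is acceptable


if __name__ == "__main__":
    # Constructed sample responses, not real traffic.
    samples = [
        ({}, "/downloads/readme.txt"),
        ({"Content-Disposition": 'attachment; filename="holiday.jpg.pif"'}, "/index.php"),
        ({"Content-Disposition": 'attachment; filename="setup.EXE."'}, "/index.php"),
        ({"Content-Disposition": "attachment; filename*=UTF-8''notes%2Escr"}, "/index.php"),
        ({"Content-Disposition": r'attachment; filename="..\..\evil.com"'}, "/index.php"),
    ]
    for headers, path in samples:
        print(download_decision(headers, path))
```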