Safari For Windows: Vulnerability And Exploits

Tuesday | Labels: | |

The Long Wait is over and finally Safari, the most popular web browser on MAC platform by Apple is released for Windows.

However this version is far from perfect. It has several severe Vulnerabilities. On the very first day of its release Thor Larholm exposed some serious security breaches.

Topping the list is the lack of input validation for the command line arguments before they are handed over to various URL protocol handlers in the system.

Here is a simple demonstration of the exploit.
This exploit will pass on an unfiltered input for the -chrome argument when it has bounced through firefox via gopher protocol.

In this example C:\Windows\System32\cmd.exe will be launched with any arguments that have been specified in the call to the process.run method.




Cheers For Safari!!!!

1 comments:

  1. john says: March 17, 2008 10:36 PM  

    please add my link.I have added yours....check at http://giveujob.blogspot.com

Post a Comment

Subscribe to: Post Comments (Atom)
Not Getting What You Are Looking for?? Try This Google Search To Find Articles From Tech-Hut KnowledgeBase And Whole Internet
 
Glossy Blue by N.Design Studio
Blogger Templates by Blogcrowds