VULNERABILITIES IN SAFARI BROWSER FOR WINDOWS
The long wait is over: Safari, Apple's browser and the most popular web browser on the Mac platform, has finally been released for Windows.
However, this version of the Safari browser for Windows is far from perfect. It has several severe vulnerabilities. On the very first day of its release, Thor Larholm exposed some serious security flaws.
Topping the list is the lack of input validation for the command line arguments before they are handed over to various URL protocol handlers in the system.
Here is a simple demonstration of how the exploit works in the Safari browser for Windows.
The exploit passes unfiltered input for the -chrome argument after it has bounced through Firefox via the gopher protocol.
In this example C:\Windows\System32\cmd.exe will be launched with any arguments that have been specified in the call to the process.run method.
&lt; stands for <, and &gt; for >
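The missing input validation described above, seen from the fixing side, as an added example that is not code from Safari, Firefox or the original post. The handler path, the `-url` switch, the scheme allow-list and the sample URL are all constructed assumptions; the check percent-encodes anything that could end the quoted argument before the URL reaches a protocol handler's command line.

```python
from urllib.parse import quote, urlsplit

# Hypothetical handler registration (not from the page): the URL replaces %1
# inside a double-quoted argument on the handler's command line.
HANDLER_TEMPLATE = r'"C:\Program Files\ExampleApp\example.exe" -url "%1"'
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}  # constructed allow-list
# URL syntax characters and existing %XX escapes pass through; everything
# else (double quote, space, <, >, backslash, ...) gets percent-encoded.
SAFE_CHARS = ":/?#[]@!$&'()*+,;=%-._~"

# Constructed sample: a quote closes the argument early, then adds a switch.
SAMPLE_URL = 'http://example.test/page" -injected-switch value'


def encode_for_handler(url: str) -> str:
    """Validate the URL and return a form that cannot leave the quoted %1."""
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("control character in URL")
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {scheme!r}")
    return quote(url, safe=SAFE_CHARS)


def naive_command_line(url: str) -> str:
    """The missing-validation case: the URL is substituted as received."""
    return HANDLER_TEMPLATE.replace("%1", url)


def hardened_command_line(url: str) -> str:
    """Substitute only the validated, percent-encoded URL."""
    return HANDLER_TEMPLATE.replace("%1", encode_for_handler(url))


def breaks_out_of_argument(command_line: str) -> bool:
    """True if the URL added double quotes beyond the template's own."""
    return command_line.count('"') != HANDLER_TEMPLATE.count('"')


if __name__ == "__main__":
    print(naive_command_line(SAMPLE_URL))
    print(hardened_command_line(SAMPLE_URL))
```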
Cheers For Safari Browser For Windows!!!!