Safari For Windows: Vulnerability And Exploits

Tuesday | email this | digg it

Leave your comment Posted by Anoop Pandey

Published in Hacking

The Long Wait is over and finally Safari, the most popular web browser on MAC platform by Apple is released for Windows.

However this version is far from perfect. It has several severe Vulnerabilities. On the very first day of its release Thor Larholm exposed some serious security breaches.

Topping the list is the lack of input validation for the command line arguments before they are handed over to various URL protocol handlers in the system.

Here is a simple demonstration of the exploit.
This exploit will pass on an unfiltered input for the -chrome argument when it has bounced through firefox via gopher protocol.

In this example C:\Windows\System32\cmd.exe will be launched with any arguments that have been specified in the call to the process.run method.

Cheers For Safari!!!!

1 Responded To This Post

john said in March 17, 2008 10:36 PM

please add my link.I have added yours....check at http://giveujob.blogspot.com

Troubleshooting

HP Laptop Not Charging By Charger/Adapter - Battery Check Shows Battery Broken And Asks To Replace
HDD Not Recognized After Format When Installing Windows - "No Hard Disk Detected"
Drive Not Opening By Double Click- Virus Problem

Mobile Arena

Slower Running / Hanging Of Nokia SmartPhone Moblies
Rescueing SMS Messages Before Formatting Smartphones / Transferring To Other Smartphone
Bugs, Hacks And Cheats In Nokia 1600/2600

Subscribe Tech-Hut

Subscribe To Recieve All The Latest Articles In Your Inbox As Soon As They Get Live On web

Enter your Email

Preview | Powered by FeedBlitz

Administrative Login

......CLICK HERE TO LOGIN.......

Note:- Only For Site Administrators, Permanent/Guest Authors

Linux/Unix Zone

Useful Linux/Unix Commands: 10 Handy Uncommons
Linus Says..
Fun In UNIX - Funny Tricks For Unix/Linux

Save Page As PDF

News & Reviews

Surun Infocore Systems: Free-Of-Cost Call Center For Computer Assistance
Tech-Hut Mobile Launched : The Ultimate Place For All Your Mobile Needs
Get Free Yahoo Mash Invitations : Request Yahoo Mash Invitation Here We Will Send Yahoo Mash Invitation On Your Mail

Downloads

Windows Password Cracker
Microsoft BootVis
PCI Data Recovery Software
HijackThis
Registry Mechanic 6.0

All the downloads are in Zip file, With password-> tech-hut

General Computing

Tricks For Faster Internet Connection Speed - (l)
Creating Folder Named CON : Why You Cant Create And How To Create
What To Do When the Computer Gets Infected By Virus : Re enabling Folder Options, Registry Editor Disabled , Missing Internet Option
Creating Time Restictions For User Account On the Computer
How To Disable / Uninstall Windows Live Messenger
Proxy Server: What They Are Abd How To Use Them In Bypassing Blocked Sites
Working Tips To Boost Your Computer's Speed : How To Increase The Virual Memory
Disabling Unnecessary Windows Services For Faster Booting
Cool Prank Tricks
Hard Disk Fixes To Speed Up PC : Defragmentation
Registry Twaeks To Inhance Your Computer's Performance
Optimizing Boot Speed For Faster Booting : Using Bootvis Utility And Other Other Tricks
Special Folder Icons On Desktop : How To Delete Recycle Bin And How To Get It Back
Some Advanced Shutdown Options : How To Create Shutdown/Restart/Hibernate Timers
Add A Website As A desktop Wallpaper
How To Change Drive Icon Of Any Drive
How To Display Company Logo Image On Start Up Screen / Boot Screen
Breaking Internet Explorer's Content Supervisor Password
Manually Initiate A System Crash : How To Debug Crash Log
Multiple Mail Addresses..... Single Gmail ID
Simplest Way To Crack WMP11 : Installing Windows Media Player 11 On Pirated Copies Of Windows
Clipboard? What They Are?
Hiding Folders Without 3rd Party Software
Fun With Notepad

Tech-Hut : Extreme