Remote exploit released for brand-new Safari for Windows Comments

ZDNet Blogs by Ryan Naraine - Jun 12, '07 8:55am
Add to Favorites Add to Live.com Add to Google Add to del.icio.us Add to Yahoo! Add to Digg Add to Reddit Add to Technorati Add to StumbleUpon Security researcher Thor Larholm has found what might be the first remote code execution vulnerability in Apple's shiny new Safari for Windows. Larholm (left) has released an advisory with proof-of-concept code to demo the vulnerability, which can be used to take complete control of a Windows PC if the user simply surfs to a Web page. Click here for a demo of the flaw, which triggers a Safari crash and bounces through Firefox via the Gopher protocol. Larholm explains: The logic behind this vulnerability is quite simple and the vulnerability class has been known and understood for years, namely that of protocol handler command injection. A browser typically consists of a multitude of different URL schemes, some of which are...
Be the first to comment this.
Name: (required)
Email:   (not displayed, optional)
URL:     (optional)
          Remember info in safe cookie
Comments: (all HTML will be stripped)

Security Code:
© 2007 · wiredb.com · All trademarks are properties of their respective owners.