Safari “carpet bombing” exploit released in the wild

In what appears to be an attempt to provoke Apple into reconsidering its currently passive position on the severity of the Apple Safari flaw dubbed the “carpet bomb”, working proof-of-concept exploit code has been released on Liu Die Yu’s security blog:
Nitesh Dhanjani discovered that Safari for Windows automatically puts downloads on the Desktop and argued this can potentially make a mess of the Desktop, naming it the effect of “Safari Carpet Bomb”. Later Microsoft issued an advisory stating “remote code execution on all supported versions of Windows XP and Windows Vista” and “Aviv Raff for working with us and reporting the blended threat of Safari and Microsoft Internet Explorer”. Aviv Raff posted on his blog “Safari pwns Internet Explorer”, clarifying “this combined attack also exploits an old vulnerability in Internet Explorer that I’ve already reported to them a long long time ago”.

The old vulnerability that Aviv Raff reported to Microsoft a long time ago is described in two articles by Aviv Raff: IE7 DLL-load hijacking Code Execution Exploit PoC, and Internet Explorer 7 - Still Spyware Writers Heaven, both dating back to 2006 (yeah that’s really “a long long time ago”). This vulnerability lies in Windows Internet Explorer loading program library files (DLL) from the user’s Desktop instead of its own library file folder (usually C:\WINDOWS\SYSTEM32), when filenames are set to some specific values.
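
A defender-side check for the condition described above, as an added example that is not part of this post or of the quoted blog: it lists program library files sitting on a Desktop folder and marks those whose names also exist in the system library folder. The page does not name the specific filenames involved, so the function reports every library file it finds; the function names, the extension list and the sample directories are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: file types treated as loadable program libraries for this check.
LIBRARY_EXTS = {".dll", ".ocx", ".cpl"}


def find_desktop_libraries(desktop_dir, system_dir):
    """Return (file name, shadows_system_library) for each library on the Desktop.

    A library file on the Desktop is unusual in itself; one whose name matches
    a file in the system library folder deserves the closest look. Names are
    compared case-insensitively, as Windows file names are.
    """
    system_names = {
        p.name.lower()
        for p in Path(system_dir).iterdir()
        if p.is_file() and p.suffix.lower() in LIBRARY_EXTS
    }
    findings = []
    for p in sorted(Path(desktop_dir).iterdir()):
        if p.is_file() and p.suffix.lower() in LIBRARY_EXTS:
            findings.append((p.name, p.name.lower() in system_names))
    return findings


def demo():
    """Run the check against constructed sample folders (not real system paths)."""
    with tempfile.TemporaryDirectory() as root:
        desktop = Path(root, "Desktop")
        system = Path(root, "System32")
        desktop.mkdir()
        system.mkdir()
        # Constructed sample files; the names are placeholders.
        (system / "example.dll").write_bytes(b"")
        (desktop / "EXAMPLE.DLL").write_bytes(b"")   # same name as a system library
        (desktop / "other.dll").write_bytes(b"")     # library file, no system match
        (desktop / "notes.txt").write_bytes(b"")     # ordinary file, ignored
        return find_desktop_libraries(desktop, system)


if __name__ == "__main__":
    for name, shadows in demo():
        print(f"{name}: shadows system library = {shadows}")
```

On a real Windows host, pass the user's Desktop folder and the system library folder to `find_desktop_libraries` instead of the sample directories.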
