From: Jass Seljamaa (jass email.isp.ee)
Date: Tue Jan 22 2002 - 05:02:47 CST
Problem:
A malicious webmaster can execute files if the victim is
using Internet Explorer 5.
Affected versions:
IE 5.0, probably earlier, on Classic systems (below OS X)
Description:
If you know the file path, you can execute whatever you want. What makes it
difficult is that Macintosh hard drives have different names, just like
folders, unlike on Windows, where you can refer to the HD by typing c:\.
On OS 9 (and above) there are a bunch of AppleScripts called 'speakable items',
which are made to make your life easier. They can be used, for example, to shut
down the Macintosh*, change the resolution, put the computer to sleep (an
energy-saving mode), close this window, close all windows, etc. The default HD
name is Macintosh HD (all systems I can remember). On OS 9 (with the default
configuration) the speakable item named Put Computer To Sleep lies in Macintosh
HD:System Folder:Speakable Items:Put Computer To Sleep.
* - Asks for confirmation.
Exploit:
<META HTTP-EQUIV="refresh" CONTENT="1; URL=file:///Macintosh%20HD/System%20Folder/Speakable%20Items/Put%20Computer%20To%20Sleep">
This will blank the screen and spin down the hard disk(s).
Vendor:
I contacted Microsoft 2 months ago; they did not reply.
Jass Seljamaa,
jass isp.ee
GSM: +3725212242
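
An added example, not part of the original post: a defensive check in Python that parses a page for meta refresh targets and reports any whose scheme is outside an allowlist, which flags the redirect quoted in the advisory. The allowlist, the function and class names, and the sample page are assumptions made for this example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: only these schemes are acceptable refresh targets.
ALLOWED_SCHEMES = {"http", "https"}

# content="<delay>; URL=<target>" with optional delay, separator, "URL=" and quotes.
_REFRESH = re.compile(
    r"^\s*[\d.]*\s*[;,]?\s*(?:url\s*=\s*)?(['\"]?)(.*?)\1\s*$", re.I | re.S)

def refresh_target(content):
    """Return the URL part of a meta refresh content value, or None."""
    return _REFRESH.match(content).group(2) or None

class MetaRefreshAuditor(HTMLParser):
    """Collects meta refresh targets whose scheme is not allowlisted."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {name: (value or "") for name, value in attrs}
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        target = refresh_target(a.get("content", ""))
        scheme = urlsplit(target).scheme.lower() if target else ""
        # Relative targets have no scheme and stay on the page's own origin.
        if scheme and scheme not in ALLOWED_SCHEMES:
            self.findings.append((scheme, target))

def audit(html):
    """Return [(scheme, target), ...] for every disallowed refresh in html."""
    parser = MetaRefreshAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: the advisory's tag plus a benign redirect.
SAMPLE = """<html><head>
<meta http-equiv="refresh" content="5; url=/next.html">
<META HTTP-EQUIV="refresh" CONTENT="1; URL=file:///Macintosh%20HD/System%20Folder/Speakable%20Items/Put%20Computer%20To%20Sleep">
</head><body>placeholder</body></html>"""

if __name__ == "__main__":
    for scheme, target in audit(SAMPLE):
        print(f"disallowed refresh scheme {scheme!r}: {target}")
```

The same allowlist test can be applied by a filtering proxy or a content scanner before a page reaches the browser.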