Safari flaw + IE flaw = Critical Vulnerability

Microsoft warned that a previously reported flaw in Apple Safari can be combined with a flaw in Internet Explorer to run unauthorized programs on users’ computers.

The Apple Safari flaw, reported on May 15th, could allow a malicious web site to download any executable to the user’s Desktop without consent. This behavior can be chained with a Microsoft Internet Explorer flaw that mishandles executables located on the Desktop, allowing them to run, still without the user’s consent.

Links
Microsoft Security Advisory (953818): http://www.microsoft.com/technet/security/advisory/953818.mspx

Nitesh Dhanjani’s Advisory: http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html

Aviv Raff’s Advisory: http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
