Apple Safari libxslt File Create

Added: 10/24/2011
CVE: CVE-2011-1774
BID: 48840
OSVDB: 74017

Background

Safari is a web browser for Mac OS X and Windows.

Problem

Safari versions prior to 5.0.6 use unsafe security settings when implementing libxslt. An attacker may leverage this weakness by creating a web page that references a malicious XSLT file. If loaded in a vulnerable Safari client, the attacker may be able to cause the browser to download, save and execute any file of their choice.

Resolution

Upgrade to Apple Safari 5.0.6 or later.

References

http://support.apple.com/kb/HT4808

Limitations

This exploit has been tested against Apple Safari 5.0.5 on Windows XP SP3 English (DEP OptIn).
The payload will not be executed until the next successful login.
The target must be able to connect to an HTTP server running on the SAINT Exploit host. This service listens on port 8000 by default.

Platforms

Windows

Back to exploit index