Safari archive metadata command execution

Added: 02/24/2006
CVE: CVE-2006-0848
BID: 16736
OSVDB: 23366


The Safari web browser supports explicit binding, which allows a file to override the default application for its file type. Safe files are files such as pictures, movies, and archives which are opened automatically when downloaded.


Safari does not check for explicit binding before opening a file it believes is safe. This could allow the automatic execution of shell scripts contained within a specially crafted archive file.


Disable the "Open safe files after downloading" option.
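As a complementary check for triaging downloaded archives, the following added example (not part of the original advisory) flags ZIP members whose name suggests a safe media type but whose content starts with a script interpreter line. The function names, the `SAFE_EXTS` list and the sample archive are constructed for illustration; the `__MACOSX/._name` AppleDouble sidecar layout is how Mac OS X archive tools store per-file metadata and is assumed here, not taken from the advisory.

```python
import io
import posixpath
import zipfile

# Extensions treated as "safe" media types (assumption for this example).
SAFE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mov", ".mp4", ".pdf"}
APPLEDOUBLE_MAGIC = b"\x00\x05\x16\x07"  # AppleDouble header magic number


def sidecar_name(name):
    """Path of the AppleDouble metadata entry stored alongside `name`."""
    head, _, base = name.rpartition("/")
    return "__MACOSX/" + (head + "/" if head else "") + "._" + base


def scan_archive(data):
    """Flag members named like media files whose content is a script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        for info in zf.infolist():
            if info.is_dir() or info.filename.startswith("__MACOSX/"):
                continue
            ext = posixpath.splitext(info.filename)[1].lower()
            with zf.open(info) as fh:
                head = fh.read(2)
            if ext in SAFE_EXTS and head == b"#!":
                side = sidecar_name(info.filename)
                # Attached metadata is where a per-file binding would live.
                has_meta = side in names and zf.read(side)[:4] == APPLEDOUBLE_MAGIC
                findings.append({"member": info.filename, "has_metadata": has_meta})
    return findings


def build_sample(with_script):
    """Constructed in-memory test archive; not a real sample."""
    body = b"#!/bin/sh\necho constructed\n" if with_script else b"\xff\xd8\xff\xe0JFIF"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", body)
        zf.writestr("__MACOSX/._holiday.jpg", APPLEDOUBLE_MAGIC + b"\x00\x02\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_archive(build_sample(True)):
        print("suspicious member:", finding)
```

A finding with `has_metadata` set is the combination the advisory describes: script content under a safe-looking name, with attached metadata that could carry a binding.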



Exploitation requires a user to follow a link to the exploit. The exploit works on Mac OS X 10.4.


Mac OS 10.4

