Safari archive metadata command execution

Added: 02/24/2006
CVE: CVE-2006-0848
BID: 16736
OSVDB: 23366

Background

The Safari web browser supports explicit binding, a per-file attribute that overrides the default application for that file's type. "Safe" files, such as pictures, movies, and archives, are opened automatically as soon as they are downloaded.

Problem

Safari does not check for an explicit binding before opening a file it classifies as safe. A specially crafted archive can therefore cause a shell script it contains to be executed automatically when the archive is downloaded.

Resolution

Disable the "Open safe files after downloading" option in Safari's preferences.

References

http://www.kb.cert.org/vuls/id/999708

Limitations

This exploit requires a user to follow a link to the exploit. The exploit works on Mac OS X 10.4.

Platforms

Mac OS X 10.4