Full Disclosure mailing list archives
remotely triggered program execution on MacOS-X Jaguar
From: Kai Kretschmann <security () security-gui de>
Date: Thu, 30 Oct 2003 07:53:25 +0100
Problem: remotely triggered program execution on MacOS-X Jaguar While surfing with the mac Version of IE 5.2 we reached a IIS driven webserver.One downloadlink ending with ".asp" saved the link as a lokal ".asp" file and
started the local program "AppleSystemProfiler" which seemed trying to read the data. I think it might be possible to force this behavior by targeting the mac users community to one download link ending with .asp and modifying the file in such a way the SystemProfiler might run any heap/stack/buffer overflow. Anyone tried it already? -- Kai Kretschmann www.security-gui.de _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- remotely triggered program execution on MacOS-X Jaguar Kai Kretschmann (Oct 29)