remotely triggered program execution on MacOS-X Jaguar

[Kai Kretschmann <security () security-gui de>]

Problem: remotely triggered program execution on MacOS-X Jaguar

While surfing with the mac Version of IE 5.2 we reached a IIS driven
webserver.
One downloadlink ending with ".asp" saved the link as a lokal ".asp" 
file and
started the local program "AppleSystemProfiler" which seemed trying to
read the data.

I think it might be possible to force this behavior by targeting the mac
users community to one download link ending with .asp and modifying the
file in such a way the SystemProfiler might run any heap/stack/buffer
overflow.

Anyone tried it already?
--
Kai Kretschmann
www.security-gui.de

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html