Full Disclosure mailing list archives
Re: Technical Details of Security Issues Regarding Safari for Windows
From: "LIUDIEYU dot COM" <liudieyu.com () gmail com>
Date: Wed, 11 Jun 2008 19:53:39 +0800
Errata -- The PNG graphic can't be reached directly. Can be viewed by following link in the aforementioned blog entry: http://liudieyu0.blog124.fc2.com/blog-entry-5.html On Wed, Jun 11, 2008 at 5:17 PM, LIUDIEYU dot COM <liudieyu.com () gmail com> wrote:
Aviv really gave huge hint on the issue: http://blog-imgs-24.fc2.com/l/i/u/liudieyu0/00000001.png ( posted at http://liudieyu0.blog124.fc2.com/blog-entry-5.html ) On Tue, Jun 10, 2008 at 10:28 PM, LIUDIEYU dot COM <liudieyu.com () gmail com> wrote:The first issue is the one described in Microsoft Security Advisory 953818. It's worked out by Aviv Raff: http://www.microsoft.com/technet/security/advisory/953818.mspx http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx It's covered by news but Aviv Raff has not published technical details yet. News stories say Microsoft are going to handle this: "The Internet Explorer bulletin is expected to be cumulative and might include some remediation for the Safari for Windows vulnerability disclosed last month by Nitesh Dhanjani" http://news.cnet.com/8301-10789_3-9959752-57.html?part=rss&subj=news&tag=2547-1_3-0-20 (It should be Aviv Raff instead of Nitesh Dhanjani, as suggested in the Microsoft security advisory and Aviv Raff's blog.) Also it sounds unnatural that Microsoft provide remediation for Safari vulnerability, and that remediation is distributed in IE patch. I provide the technical details of this issue for those who are interested: http://liudieyu0.blog124.fc2.com/blog-entry-1.html In my personal opinion this issue is rooted in IE wrongly loading DLL from desktop(instead of WINDOWS\SYSTEM32). The second issue is about the possibility that Safari can download malicious content that has confusing file name and icon which might be launched later by unknowing user. Details are here: "A New Security Issue in Safari for Windows, NOT the "Blended Threat" Described in Microsoft Security Advisory 953818" http://liudieyu0.blog124.fc2.com/blog-entry-3.html In the post I say the main concern comes from LNK(shortcut file). Of course EXE can also be a concern if file name extension is hidden. But most people I know do have file name extension displayed in Windows.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Technical Details of Security Issues Regarding Safari for Windows LIUDIEYU dot COM (Jun 10)
- Re: Technical Details of Security Issues Regarding Safari for Windows LIUDIEYU dot COM (Jun 11)
- Re: Technical Details of Security Issues Regarding Safari for Windows LIUDIEYU dot COM (Jun 11)
- Re: Technical Details of Security Issues Regarding Safari for Windows LIUDIEYU dot COM (Jun 11)