Re: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability

["Thor (Hammer of God)" <thor () hammerofgod com>]

On Nov 27, 2012, at 5:52 PM, Vulnerability Lab <research () vulnerability-lab com> wrote:

> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers with required user interaction and 
> privileged local system account.
> For demonstration or reproduce ...
>
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> “<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
>
>
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and result output (listing) web context.
>
>
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated as high(+).

Given the required user interaction and privileged local system account and other operational dependancies, by what 
means did you estimate a "high" risk?   I guess the basic question would be "how do you even classify this as a risk" 
in the first place.   Do you have some system of calculating risk or is it just a "gut feeling" type classification?

t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/