[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Technical Details of Security Issues Regarding Safari for Windows
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Technical Details of Security Issues Regarding Safari for Windows
- From: "LIUDIEYU dot COM" <liudieyu.com@xxxxxxxxx>
- Date: Sat, 14 Jun 2008 14:08:25 +0800
- Delivered-to: mailing list bugtraq@xxxxxxxxxxxxxxxxx
- Delivered-to: moderator for bugtraq@xxxxxxxxxxxxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type:content-transfer-encoding :content-disposition; bh=W6mTMTZIFxU1n8PuYmYQiLgcCcwyx+G1/DNX4KKmtYU=; b=LyXbuwBjfR3zXTnjSsVXArbK+Awrthjv/KOj1/Q1OlzAfu+ALyo5TwcNuNniI6PzcW +l/XpIYv1dMuWYPC96S3N5pPIDKyu3/et7Lzp2wyPGR6JhwrnL39v2MM1qF9mxx7Ipo6 /UP1MTlyPUFhkeh795tjaqra1qy89RPYqFveY=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type :content-transfer-encoding:content-disposition; b=V/migQ5ZQLmRscutT9aXX1MinQmPyMwUL9Kfs6HUlnUyvUOC1L6cPcf4nDQAXmS/yq GWnM1KUprx7TqqLZu7S8BWCfth+pfU7bCeg6/42/Wmk46yhn4B97c3gEDYqaURpXrN7r 06ch5LIZPdkZsPiYkbiizJnn09l2JESXoZ8SQ=
- List-help: <mailto:email@example.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:firstname.lastname@example.org>
- List-subscribe: <mailto:email@example.com>
- List-unsubscribe: <mailto:firstname.lastname@example.org>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
The first issue is the one described in Microsoft Security Advisory
953818. It's worked out by Aviv Raff:
It's covered by news but Aviv Raff has not published technical details
yet. News stories say Microsoft are going to handle this: "The
Internet Explorer bulletin is expected to be cumulative and might
include some remediation for the Safari for Windows vulnerability
disclosed last month by Nitesh Dhanjani"
(It should be Aviv Raff instead of Nitesh Dhanjani, as suggested in
the Microsoft security advisory and Aviv Raff's blog.)
Also it sounds unnatural that Microsoft provide remediation for Safari
vulnerability, and that remediation is distributed in IE patch. I
provide the technical details of this issue for those who are
In my personal opinion this issue is rooted in IE wrongly loading DLL
from desktop(instead of WINDOWS\SYSTEM32).
The second issue is about the possibility that Safari can download
malicious content that has confusing file name and icon which might be
launched later by unknowing user. Details are here:
"A New Security Issue in Safari for Windows, NOT the "Blended Threat"
Described in Microsoft Security Advisory 953818"
In the post I say the main concern comes from LNK(shortcut file). Of
course EXE can also be a concern if file name extension is hidden. But
most people I know do have file name extension displayed in Windows.