Bugtraq mailing list archives
Re: Re: Safari for windows remote arbitry file upload
From: Neil Dickey <neil () geol niu edu>
Date: Mon, 20 Aug 2007 17:08:00 -0500 (CDT)
laurent.gaffie () gmail com wrote in response to me:
"I don't see that this is a bug. Could you explain a little more fully?"

Well, configured like this by default, it's a security hole. It's a perfect hole for a virus, trojan, etc. You can send any malicious files to a remote desktop via a malicious website or even an XSS, like an executable with a "my computer" icon (for example...).

OK, but there's no bug in the program that's exploitable in itself. The downloaded malware doesn't execute automatically without user input. Safari is doing exactly what it's designed to do. It's a configuration problem, rather like when the Windows operating system was still being shipped to users in what I called "suicide mode," not a bug in the program.

Should Safari be configured differently by default? I certainly think so; but this isn't really a bug.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115