OSVDB ID: 23510

Title: Apple Safari ZIP Archive File Extension Mismatch Arbitrary File Execution

Dates

Disclosure: Feb 21, 2006
Discovery: Unknown
Exploit: Mar 10, 2006
Solution: Mar 17, 2006

Description

Safari contains a flaw that may allow arbitrary command execution when a user opens a malicious Web page or HTML email attachment. The issue is triggered by an error in the processing of file-association metadata that accompanies files in ZIP archives (stored as AppleDouble sidecar files in the "__MACOSX" folder) and in mail messages (carried in AppleDouble MIME parts). That metadata binds a file to an application independently of its file-name extension, so a file whose extension Safari regards as safe (an image, for example) can be bound to an application that executes its contents; with "Open 'safe' files after downloading" enabled, Safari unpacks the archive and launches the file automatically. It is possible that the flaw may result in a loss of integrity.
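The sidecar check described above, as an added example that is not part of the OSVDB entry or of any Apple code: it builds a constructed ZIP in memory with `__MACOSX/._` AppleDouble sidecars, parses the AppleDouble v2 header to pull out the Finder type and creator codes and the resource-fork length, and flags members whose "safe" extension does not match the declared type code or that carry a resource fork at all. The safe-extension/type-code table, the creator code `Xcmd`, and the sample member names are assumptions made for the example.

```python
import io
import posixpath
import struct
import zipfile

# AppleDouble v2 layout: magic, version, 16-byte filler, 2-byte entry count,
# then 12-byte (id, offset, length) entries. IDs 2 and 9 are the standard
# resource-fork and 32-byte Finder-info entries (type code, creator code, ...).
APPLEDOUBLE_MAGIC = 0x00051607
APPLEDOUBLE_VERSION = 0x00020000
ENTRY_RESOURCE_FORK = 2
ENTRY_FINDER_INFO = 9

# Assumed table: extensions a browser might auto-open as "safe" and the
# four-character HFS type code each one is expected to carry.
EXPECTED_TYPE = {
    ".jpg": b"JPEG", ".jpeg": b"JPEG", ".png": b"PNGf",
    ".gif": b"GIFf", ".pdf": b"PDF ", ".txt": b"TEXT",
}


def build_appledouble(finder_type, finder_creator, resource_fork=b""):
    """Serialise a minimal AppleDouble v2 blob (used only to construct sample input)."""
    finder_info = finder_type + finder_creator + b"\x00" * 24   # 32-byte Finder info
    entries = [(ENTRY_FINDER_INFO, finder_info)]
    if resource_fork:
        entries.append((ENTRY_RESOURCE_FORK, resource_fork))
    offset = 26 + 12 * len(entries)                               # payload starts after the table
    table, payload = b"", b""
    for entry_id, data in entries:
        table += struct.pack(">III", entry_id, offset, len(data))
        payload += data
        offset += len(data)
    return (struct.pack(">II", APPLEDOUBLE_MAGIC, APPLEDOUBLE_VERSION)
            + b"\x00" * 16 + struct.pack(">H", len(entries)) + table + payload)


def parse_appledouble(blob):
    """Return (finder_type, finder_creator, resource_fork_length) from an AppleDouble blob."""
    if len(blob) < 26:
        raise ValueError("too short for an AppleDouble header")
    magic, version = struct.unpack(">II", blob[:8])
    if magic != APPLEDOUBLE_MAGIC or version != APPLEDOUBLE_VERSION:
        raise ValueError("not an AppleDouble v2 blob")
    (count,) = struct.unpack(">H", blob[24:26])
    if 26 + 12 * count > len(blob):
        raise ValueError("entry table runs past end of blob")
    finder_type = finder_creator = None
    rsrc_len = 0
    for i in range(count):
        entry_id, off, length = struct.unpack(">III", blob[26 + 12 * i:38 + 12 * i])
        if off + length > len(blob):
            raise ValueError("entry %d runs past end of blob" % entry_id)
        if entry_id == ENTRY_FINDER_INFO and length >= 8:
            finder_type, finder_creator = blob[off:off + 4], blob[off + 4:off + 8]
        elif entry_id == ENTRY_RESOURCE_FORK:
            rsrc_len = length
    return finder_type, finder_creator, rsrc_len


def metadata_path(member):
    """Path of the __MACOSX sidecar that Archive Utility writes for a zip member."""
    directory, name = posixpath.split(member)
    return posixpath.join("__MACOSX", directory, "._" + name)


def scan_zip(zip_bytes):
    """Flag members whose visible extension looks safe but whose sidecar metadata
    declares a different type code or carries a resource fork. Returns [(member, reason)]."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = set(zf.namelist())
        for member in sorted(names):
            if member.startswith("__MACOSX/") or member.endswith("/"):
                continue
            ext = posixpath.splitext(member)[1].lower()
            sidecar = metadata_path(member)
            if ext not in EXPECTED_TYPE or sidecar not in names:
                continue
            try:
                ftype, _creator, rsrc_len = parse_appledouble(zf.read(sidecar))
            except ValueError as exc:
                findings.append((member, "malformed sidecar: %s" % exc))
                continue
            if ftype is not None and ftype != EXPECTED_TYPE[ext]:
                findings.append((member, "type code %r does not match %s" % (ftype, ext)))
            if rsrc_len:
                findings.append((member, "resource fork of %d bytes" % rsrc_len))
    return findings


def sample_archive():
    """Constructed sample: a benign text file, a script wearing a .jpg name whose
    sidecar declares a TEXT type code, and an image carrying a resource fork."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"hello")
        zf.writestr("__MACOSX/._notes.txt", build_appledouble(b"TEXT", b"ttxt"))
        zf.writestr("holiday.jpg", b"#!/bin/sh\necho not a picture\n")
        zf.writestr("__MACOSX/._holiday.jpg", build_appledouble(b"TEXT", b"Xcmd"))  # assumed creator
        zf.writestr("pics/beach.jpg", b"\xff\xd8\xff")
        zf.writestr("__MACOSX/pics/._beach.jpg",
                    build_appledouble(b"JPEG", b"prvw", resource_fork=b"\x00" * 64))
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(sample_archive()):
        print("%s: %s" % (member, reason))
```

The scanner deliberately treats any resource fork on a "safe" member as suspicious rather than trying to interpret it: the application binding can live in either the Finder info or the resource fork, and a real sidecar from Archive Utility normally carries neither for a plain image.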

Classification

Location: Remote / Network Access
Attack Type: Other
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Vendor has released a patch to address this vulnerability. Until it is applied, the flaw can be mitigated with the following workaround: disable "Open 'safe' files after downloading" in Safari's General preferences (the same setting is stored in the com.apple.Safari defaults domain under the key AutoOpenSafeDownloads). With that option off, Safari still downloads the archive but no longer unpacks and launches its contents automatically.

Products

Apple Computer, Inc.
  Mac OS X 10.4.5
  Safari 2.0.3
  Mail 2.0.5

Credit

  • Michael Lehn - lehn@mathematik.uni-ulm.de


Direct URL: http://osvdb.org/23510