[Webkit-unassigned] [Bug 14081] New: Safari for Windows, 0day URL protocol handler command injection

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 11 19:01:18 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=14081

           Summary: Safari for Windows, 0day URL protocol handler command
                    injection
           Product: WebKit
           Version: 522+ (nightly)
          Platform: PC
               URL: http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P2
         Component: Platform
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: bugs.webkit.org at larholm.com


There is a URL protocol handler command injection vulnerability in Safari for
Windows that allows you to execute shell commands with arbitrary arguments.
This vulnerability can be triggered without user interaction simply by visiting
a webpage. The full advisory and a working Proof of Concept exploit can be
found at the above URL.

I'm guessing that WebKit might be affected as well.

