[Webkit-unassigned] [Bug 14081] New: Safari for Windows, 0day URL protocol handler command injection
bugzilla-daemon at webkit.org
Mon Jun 11 19:01:18 PDT 2007
http://bugs.webkit.org/show_bug.cgi?id=14081
Summary: Safari for Windows, 0day URL protocol handler command injection
Product: WebKit
Version: 522+ (nightly)
Platform: PC
URL: http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/
OS/Version: Windows XP
Status: UNCONFIRMED
Severity: Critical
Priority: P2
Component: Platform
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: bugs.webkit.org at larholm.com
There is a URL protocol handler command injection vulnerability in Safari for
Windows that allows you to execute shell commands with arbitrary arguments.
This vulnerability can be triggered without user interaction simply by visiting
a webpage. The full advisory and a working Proof of Concept exploit can be
found at the above URL.
I'm guessing that WebKit might be affected as well.