|
Vulnerability Internet Explorer Affected Mac OS with Internet Explorer 3.0 Description Andrew McNaughton posted following. Microsoft Explorer version 3.0 PPC running on a mac is quite happy to write form output data to a local file, possibly overwriting existing data. You may overwrote your own form with <FORM ACTION = "">, entered when you want to see the appearance of the form. Also, absolute addressing is possible using file:// and this can be abused through a remote form. A Maliciously written Form might include the following: <FORM ACTION="file:///Hard_Disk/Desktop%20Folder/Untitled.html" METHOD="POST"> <INPUT NAME="This could have overwritten anything!" TYPE=Hidden> <Input Type=Submit> </FORM> The file Hard_Disk:Desktop Folder:Untitled.html gets written or overwritten, and recieves the following contents: This+could+have+overwritten+anything%21= The potential for writing particular data to the file is limited by the URL encoding of the Form Output, and such attacks are for the most part going to be impossible. Damage to what is already on the machine is more likely. If however there is a convenient text encoded compression format that is recognised by stuffit expander, then it might be possible to get things excecuted by storing them in suitableform in the startup items folder. Solution Nothing yet.