COMMAND

	IE on Macintosh is prone to DoS by malicious webmasters

SYSTEMS AFFECTED

	IE 5.0 and MacOS < X

PROBLEM

	Jass Seljamaa posted :
	

	If you know the file path you can execute watever you want.  What  makes
	it difficult is that macintosh hard drives have  different  names,  just
	like folders, not like on Windows - you can refer to the  HD  by  typing
	c:\\. On OS 9(and above)  there  are  a  bunch  of  AppleScripts  called
	\'speakable items\',
	

	which are made to make your life easier. They can be  used  for  example
	to shut down the macintosh*, change  the  resolution,  put  computer  to
	sleep(a energy- saving mode), close this window, close all windows  etc.
	The default HD name is Macintosh HD(all systems I can remember).  On  OS
	9(with the default configuration) the speakable item named Put  Computer
	To Sleep lies in Macintosh
	

	 Exploit:

	

	

	<META HTTP-EQUIV=\"refresh\" CONTENT=\"1; URL=file:///Macintosh%20HD/System%20Folder/Speakable%20Items/Put%20Computer%20To%20Sleep\">

	

	

	This will blank the screen and spin down hard disk(s).

SOLUTION

	None