Mac OS X LaunchServices Download Validation Bypass

2006-07-14T08:04:30
ID OSVDB:27743
Type osvdb
Reporter OSVDB
Modified 2006-07-14T08:04:30

Description

Vulnerability Description

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary JavaScript code. The issue is triggered when LaunchServices identifies certain HTML files as "safe" and Safari's "open 'safe' files after downloading" option is enabled. In that case, JavaScript code in the file may run locally and bypass the restrictions placed on remote code. The flaw may allow arbitrary JavaScript code execution, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch (Security Update 2006-004) that addresses this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 21253
Related OSVDB IDs: 27730, 27731, 27734, 27735, 27736, 27739, 27741, 27732, 27733, 27737, 27740, 27738, 27742, 27744, 27745
CVE-2006-3504