[23037] in bugtraq
MacOS 9.2, Internet Explorer, Local Vulnerability
daemon@ATHENA.MIT.EDU (Neeko Oni)
Wed Oct 31 14:54:07 2001
From: Neeko Oni <neeko@haackey.com>
Message-Id: <200110311748.f9VHm5N06904@haackey.com>
To: bugtraq@securityfocus.com
Date: Wed, 31 Oct 2001 09:48:05 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Vulnerability:
Access controls can be evaded on MacOS9.2 using Internet Explorer,
allowing users to execute programs they otherwise would not be
able to run.
Details:
While in the college media lab I attempted to run MacSSH to get
onto my home desktop, I received an error message telling me I
did not have access to run said program. By launching Internet
Explorer 5 Macintosh Edition, and creating a 'ssh' helper application
(with MacSSH as the helper application), I was able to execute MacSSH
without problem. I was logged in under a general student account
(not Admin). This has been tested with applications other than MacSSH.
Tested System: MacOS9.2.1 on an iMac with Internet Explorer.
If this is a known vulnerability, I apologize for the wasted bandwidth.
It's dead simple, but could be used maliciously, quite obviously.
.Neeko Oni. [10.31.01] Happy Halloween.
(neekooni@yahoo.com)
