microsoft.public.security
Affichage de l'article :
Re: downloading .exe files

Date : Le 04 avril 2008
From : MowGreen [MVP]
Sujet : Re: downloading .exe files

Safari Address Bar Spoofing and Memory Corruption Vulnerabilities
http://secunia.com/advisories/29483/

Critical: Highly critical
Impact: Spoofing System access
Where: From remote
Solution Status: Unpatched

" Juan Pablo Lopez Yacubian has discovered two vulnerabilities in
Safari, which can be exploited by malicious people to conduct spoofing
attacks or potentially compromise a user's system.

1) An error when downloading e.g. a .ZIP file with an overly long
filename can be exploited to cause a memory corruption.

Successful exploitation may allow execution of arbitrary code.

2) An error in the handling of windows can be exploited to display
arbitrary content while showing the URL of a trusted web site in the
address bar. "

Should Windows users boycott Apple's Safari?
http://blogs.computerworld.com/should_windows_users_should_boycott_apples_safari

If you're going to use Safari be aware of the 2 *unpatched* Critical
vulnerabilities it has and the means by which Apple is distributing it.


MowGreen [MVP 2003-2008]
===============
*-343-* FDNY
Never Forgotten
===============



newcontributor wrote:

> I tried to download some freeware from "superantispyware", a utility
> recommended on a Zonealarm forum.
> As I said in my earlier post, the download worked OK with Firefox, but not
> when I used the safari browser.
>
> "Nobody" wrote:
>
>
>>What are you trying to download and from where?
>>
>>"newcontributor" wrote in message
>>news:4744CC64-FB76-4355-9EEB-D5CDAB27A013@microsoft.com...
>>
>>>Windows will not let me download .exe files.As soon as download finishes
>>>it
>>>says it "this file is potentially harmful" and "has blocked access to this
>>>file".The file does not appear in the "my downloads" folder.
>>>How do I tweak Windows XP so I can download useful utilities ?
>>
>>
>>

Posez vos questions, réponses et remarques sur les forums de AuthSecu