------------------------------------------------- This mail sent through IMP: email.isp.ee
Problem: Malicious webmaster can execute files, if the victim is using Internet Explorer 5. Affected versions: IE 5.0, probably earlier, on Classic systems(below OS X) Description: If you know the file path you can execute watever you want. What makes it difficult is that macintosh hard drives have different names, just like folders, not like on Windows - you can refer to the HD by typing c:\. On OS 9(and above) there are a bunch of AppleScripts called 'speakable items', which are made to make your life easier. They can be used for example to shut down the macintosh*, change the resolution, put computer to sleep(a energy- saving mode), close this window, close all windows etc. The default HD name is Macintosh HD(all systems I can remember). On OS 9(with the default configuration) the speakable item named Put Computer To Sleep lies in Macintosh HD:System Folder:Speakable Items:Put Computer To Sleep. * - Asks for confirmation. Exploit: <META HTTP-EQUIV="refresh" CONTENT="1; URL=file:///Macintosh%20HD/System%20Folder/Speakable%20Items/Put%20Computer%20To%20Sleep"> This will blank the screen and spin down hard disk(s). Vendor: I contacted Microsoft 2 months ago, they did not reply. Jass Seljamaa, jass@isp.ee GSM: +3725212242
