And here's where your exploit stops being one: === Suppose the current version of Apple Safari (5.0.5) is our default web browser. If we put the above files in the same directory (on a local drive or a remote share) and double-click Test.html, what happens is the following: === At this point, Test.html might actually be test.exe with the HTML icon embedded. Everything else then is unnecessary obfuscation -- code execution was already possible the start by design. This is a neat vector though, and it's likely that with a bit more work it could be turned into an actual RCE. On Fri, Jul 8, 2011 at 10:38 AM, ACROS Security Lists <lists@xxxxxxxx> wrote: > > We published a blog post on a nice twist to binary planting which we call "File > Planting." There'll be much more of this from us in the future, but here's the first > sample for you to (hopefully) enjoy. > > http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html > > or > > http://bit.ly/nXmRFD > > > Best regards, > > Mitja Kolsek > CEO&CTO > > ACROS, d.o.o. > Makedonska ulica 113 > SI - 2000 Maribor, Slovenia > tel: +386 2 3000 280 > fax: +386 2 3000 282 > web: http://www.acrossecurity.com > blg: http://blog.acrossecurity.com > > ACROS Security: Finding Your Digital Vulnerabilities Before Others Do > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/
