Am 01.12.2012 18:33, schrieb Vulnerability Lab: > Thanks for the response! We are working on a better automatic scoring > bound to the risk system vector calculation of our db. Its all bound and > normally a moderator check the content but after a ddos last week we > missed to checkthe issue again. We are only human and mistakes happen > can ... thanks. > > Update ... > > Title: > ====== > Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability > > > Date: > ===== > 2012-11-27 > > > References: > =========== > http://www.vulnerability-lab.com/get_content.php?id=774 > > > VL-ID: > ===== > 774 > > > Common Vulnerability Scoring System: > ==================================== > 1.3 > > > Introduction: > ============= > http://www.apple.com/downloads/dashboard/reference/dictionnaire.html > > > Abstract: > ========= > The Vulnerability Laboratory Research Team discovered a script code inject > vulnerability in Apples (MacOSx) Widget Dictionnaire v1.3 software. > > > Report-Timeline: > ================ > 2012-11-27: Public Disclosure > > > Status: > ======== > Published > > > Exploitation-Technique: > ======================= > Local > > > Severity: > ========= > Low > > > Details: > ======== > A persistent script code inject vulnerability is detected in the > Dictionnaire, Dictionary of the French language based on TLFi (in French), > Software. > The vulnerability allows a local attacker execute malicious codes to > compromise the connected client system in the lan. The command execution > vulnerability is located in the search field of the Dictionnaire module. The > malicious injected script code will be directly executed out of > the result field. Successful exploitation of the vulnerability results in > system compromise via script code injections, persistent software > context manipulation, external malware loads or malicious external redirects. > > Vulnerable Software Module(s): > [+] Search Box > > Vulnerable Software Parameter(s): > [+] Search Field > > > Proof of Concept: > ================= > The software validation vulnerability can be exploited by local attackers > with required user interaction and privileged local system account. > For demonstration or reproduce ... > > PoC: Script Code Inject > "<h1>VL Tester</h1> > “<iframe src=http://vuln-lab.com>> > "<iframe src=vuln-lab.com onload=alert("VLab") <> > "<script>alert(document.cookie)</script><div style="1 > > > Solution: > ========= > The vulnerability can be patched by parsing the search string input field and > result output (listing) web context. > > > Risk: > ===== > The security risk of the remote command execution vulnerability is estimated > as low. > > > Credits: > ======== > Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed (the_storm) > [st...@vulnerability-lab.com] [iel-sayed.blogspot.com] > > > > Disclaimer: > =========== > The information provided in this advisory is provided as it is without any > warranty. Vulnerability-Lab disclaims all warranties, > either expressed or implied, including the warranties of merchantability and > capability for a particular purpose. Vulnerability- > Lab or its suppliers are not liable in any case of damage, including direct, > indirect, incidental, consequential loss of business > profits or special damages, even if Vulnerability-Lab or its suppliers have > been advised of the possibility of such damages. Some > states do not allow the exclusion or limitation of liability for > consequential or incidental damages so the foregoing limitation > may not apply. We do not approve or encourage anybody to break any vendor > licenses, policies, deface websites, hack into databases > or trade with fraud/stolen material. > > Domains: www.vulnerability-lab.com - www.vuln-lab.com > - www.vulnerability-lab.com/register > Contact: ad...@vulnerability-lab.com - supp...@vulnerability-lab.com > - resea...@vulnerability-lab.com > Section: video.vulnerability-lab.com - forum.vulnerability-lab.com > - news.vulnerability-lab.com > Social: twitter.com/#!/vuln_lab - > facebook.com/VulnerabilityLab - > youtube.com/user/vulnerability0lab > Feeds: vulnerability-lab.com/rss/rss.php - > vulnerability-lab.com/rss/rss_upcoming.php - > vulnerability-lab.com/rss/rss_news.php > > Any modified copy or reproduction, including partially usages, of this file > requires authorization from Vulnerability Laboratory. > Permission to electronically redistribute this alert in its unmodified form > is granted. All other rights, including the use of other > media, are reserved by Vulnerability-Lab Research Team or its suppliers. All > pictures, texts, advisories, sourcecode, videos and > other information on this website is trademark of vulnerability-lab team & > the specific authors or managers. To record, list (feed), > modify, use or edit our material contact (ad...@vulnerability-lab.com or > supp...@vulnerability-lab.com) to get a permission. > > Copyright © 2012 | Vulnerability > Laboratory >
-- VULNERABILITY RESEARCH LABORATORY LABORATORY RESEARCH TEAM CONTACT: resea...@vulnerability-lab.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/