[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
- From: Vulnerability Lab <research@xxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 03 Dec 2012 15:06:41 +0100
Am 01.12.2012 18:33, schrieb Vulnerability Lab:
> Thanks for the response! We are working on a better automatic scoring
> bound to the risk system vector calculation of our db. Its all bound and
> normally a moderator check the content but after a ddos last week we
> missed to checkthe issue again. We are only human and mistakes happen
> can ... thanks.
>
> Update ...
>
> Title:
> ======
> Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
>
>
> Date:
> =====
> 2012-11-27
>
>
> References:
> ===========
> http://www.vulnerability-lab.com/get_content.php?id=774
>
>
> VL-ID:
> =====
> 774
>
>
> Common Vulnerability Scoring System:
> ====================================
> 1.3
>
>
> Introduction:
> =============
> http://www.apple.com/downloads/dashboard/reference/dictionnaire.html
>
>
> Abstract:
> =========
> The Vulnerability Laboratory Research Team discovered a script code inject
> vulnerability in Apples (MacOSx) Widget Dictionnaire v1.3 software.
>
>
> Report-Timeline:
> ================
> 2012-11-27: Public Disclosure
>
>
> Status:
> ========
> Published
>
>
> Exploitation-Technique:
> =======================
> Local
>
>
> Severity:
> =========
> Low
>
>
> Details:
> ========
> A persistent script code inject vulnerability is detected in the
> Dictionnaire, Dictionary of the French language based on TLFi (in French),
> Software.
> The vulnerability allows a local attacker execute malicious codes to
> compromise the connected client system in the lan. The command execution
> vulnerability is located in the search field of the Dictionnaire module. The
> malicious injected script code will be directly executed out of
> the result field. Successful exploitation of the vulnerability results in
> system compromise via script code injections, persistent software
> context manipulation, external malware loads or malicious external redirects.
>
> Vulnerable Software Module(s):
> [+] Search Box
>
> Vulnerable Software Parameter(s):
> [+] Search Field
>
>
> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers
> with required user interaction and privileged local system account.
> For demonstration or reproduce ...
>
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> “<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
>
>
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and
> result output (listing) web context.
>
>
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated
> as low.
>
>
> Credits:
> ========
> Vulnerability Laboratory [Research Team] - Ibrahim El-Sayed (the_storm)
> [storm@xxxxxxxxxxxxxxxxxxxxx] [iel-sayed.blogspot.com]
>
>
>
> Disclaimer:
> ===========
> The information provided in this advisory is provided as it is without any
> warranty. Vulnerability-Lab disclaims all warranties,
> either expressed or implied, including the warranties of merchantability and
> capability for a particular purpose. Vulnerability-
> Lab or its suppliers are not liable in any case of damage, including direct,
> indirect, incidental, consequential loss of business
> profits or special damages, even if Vulnerability-Lab or its suppliers have
> been advised of the possibility of such damages. Some
> states do not allow the exclusion or limitation of liability for
> consequential or incidental damages so the foregoing limitation
> may not apply. We do not approve or encourage anybody to break any vendor
> licenses, policies, deface websites, hack into databases
> or trade with fraud/stolen material.
>
> Domains: www.vulnerability-lab.com - www.vuln-lab.com
> - www.vulnerability-lab.com/register
> Contact: admin@xxxxxxxxxxxxxxxxxxxxx - support@xxxxxxxxxxxxxxxxxxxxx
> - research@xxxxxxxxxxxxxxxxxxxxx
> Section: video.vulnerability-lab.com - forum.vulnerability-lab.com
> - news.vulnerability-lab.com
> Social: twitter.com/#!/vuln_lab -
> facebook.com/VulnerabilityLab -
> youtube.com/user/vulnerability0lab
> Feeds: vulnerability-lab.com/rss/rss.php -
> vulnerability-lab.com/rss/rss_upcoming.php -
> vulnerability-lab.com/rss/rss_news.php
>
> Any modified copy or reproduction, including partially usages, of this file
> requires authorization from Vulnerability Laboratory.
> Permission to electronically redistribute this alert in its unmodified form
> is granted. All other rights, including the use of other
> media, are reserved by Vulnerability-Lab Research Team or its suppliers. All
> pictures, texts, advisories, sourcecode, videos and
> other information on this website is trademark of vulnerability-lab team &
> the specific authors or managers. To record, list (feed),
> modify, use or edit our material contact (admin@xxxxxxxxxxxxxxxxxxxxx or
> support@xxxxxxxxxxxxxxxxxxxxx) to get a permission.
>
> Copyright © 2012 | Vulnerability
> Laboratory
>
--
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@xxxxxxxxxxxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/