Researcher Liu Die Yu, who has in the past discovered a number of IE bugs, published the code Sunday on his blog.
He wrote that the threat -- described as a "carpet bomb" by researcher Nitesh Dhanjani, who first discovered the issue -- is caused by a design flaw in IE, which could permit automatic remote code execution when a user downloads a file on Safari for Windows.
Microsoft issued an advisory May 30, warning that Windows XP and Vista customers who have installed Safari on their machines should consider not using the browser until a patch is delivered.
"A design flaw in Windows Internet Explorer, version 8 beta 7, and probably others, breaks the security of Safari for Windows shipped by Apple," Liu Die Yu said.
"Apple's Safari for Windows downloads and saves requested file[s] to user's desktop by default -- this default behavior does not constitute a mistake."
Meanwhile, Microsoft late Friday revised its security advisory to update its suggested workaround for the threat.
Researcher Aviv Raff had advised Microsoft that its initial workaround was not enough because the Safari hole could be used in combination with other product vulnerabilities, even if Microsoft fixed its flaw.
Microsoft agreed and revised the workaround. It now suggests users "change the download location of content in Safari to a newly created directory" -- for instance, c:\SafariDownload.
See original article on scmagazineus.com
Proof-of-concept revealed for Safari for Windows bug
By Dan Kaplan on Jun 10, 2008 10:06AM