[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability
From:       "Thor (Hammer of God)" <thor () hammerofgod ! com>
Date:       2012-11-28 19:40:52
Message-ID: E4773016-06E3-41D9-86BB-F54956313B87 () hammerofgod ! com
[Download RAW message or body]


On Nov 27, 2012, at 5:52 PM, Vulnerability Lab <research@vulnerability-lab.com> wrote:

> Proof of Concept:
> =================
> The software validation vulnerability can be exploited by local attackers with required user \
> interaction and privileged local system account. For demonstration or reproduce ...
> 
> PoC: Script Code Inject
> "<h1>VL Tester</h1>
> "<iframe src=http://vuln-lab.com>>
> "<iframe src=vuln-lab.com onload=alert("VLab") <>
> "<script>alert(document.cookie)</script><div style="1
> 
> 
> Solution:
> =========
> The vulnerability can be patched by parsing the search string input field and result output \
> (listing) web context. 
> 
> Risk:
> =====
> The security risk of the remote command execution vulnerability is estimated as high(+).

Given the required user interaction and privileged local system account and other operational \
dependancies, by what means did you estimate a "high" risk?   I guess the basic question would \
be "how do you even classify this as a risk" in the first place.   Do you have some system of \
calculating risk or is it just a "gut feeling" type classification?

t
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]