Microsoft warned that a previously reported flaw of Apple Safari can be combined with a flaw in Internet Explorer to run unauthorized program on users’ computers.
The Apple Safari’s flaw, reported since May 15th, could allow a malicious web site to download any executable to the user’s Desktop without consent and this wrong behavior can be linked to a Microsoft Internet Explorer’s flaw that mishandle executables located on the Desktop allowing to run them, still without the user consent.
Links
Microsoft Security Advisory (953818): http://www.microsoft.com/technet/security/advisory/953818.mspx;
Nitesh Dhanjani’s Advisory: http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html;
Aviv Raff’s Advisory: http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx.
