Vulnerability: Access controls can be evaded on MacOS9.2 using Internet Explorer, allowing users to execute programs they otherwise would not be able to run. Details: While in the college media lab I attempted to run MacSSH to get onto my home desktop, I received an error message telling me I did not have access to run said program. By launching Internet Explorer 5 Macintosh Edition, and creating a 'ssh' helper application (with MacSSH as the helper application), I was able to execute MacSSH without problem. I was logged in under a general student account (not Admin). This has been tested with applications other than MacSSH. Tested System: MacOS9.2.1 on an iMac with Internet Explorer. If this is a known vulnerability, I apologize for the wasted bandwidth. It's dead simple, but could be used maliciously, quite obviously. .Neeko Oni. [10.31.01] Happy Halloween. (neekooniat_private)
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 11:57:28 PST