There is a URL protocol handler command injection vulnerability in Safari for Windows that allows you to execute shell commands with arbitrary arguments. This vulnerability can be triggered without user interaction simply by visiting a webpage. The full advisory and a working Proof of Concept exploit can be found at the above URL.
I'm guessing that WebKit might be affected as well.
(In reply to comment #1)
Is that some sort of bug or patch identifier?
I never got a reply from firstname.lastname@example.org and the first non-automated action I saw in here was someone from 'gentlyusedunderwear.com' being added on CC.
(In reply to comment #2)
> (In reply to comment #1)
> > <rdar://problem/5264427>
> Is that some sort of bug or patch identifier?
This means a bug was created in Apple's internal bug database for this bug.
> I never got a reply from email@example.com and the first non-automated
> action I saw in here was someone from 'gentlyusedunderwear.com' being added on
This bug database is open to anyone who creates an account, so anyone may add themselves to the bug to track it.
Well, 'gentlyusedunderwear' seems to be a regular in here; it's just not the first thing I expected to see on a security report ;)
I can see that Apple has fixed this vulnerability in Safari, see http://lists.apple.com/archives/Security-announce/2007/Jun/msg00000.html
Can any of you at least confirm or deny whether this vulnerability is present in WebKit? The bug report is still at UNCONFIRMED.
Thanks very much for reporting this bug!
We commonly track important bugs in both Bugzilla and Radar, which is Apple's internal bug tracking system. You can see that pattern on the Bugzilla quite often.
In this case, the bug turned out to be a Safari bug and not a WebKit bug.
Bugs you're sure belong to Safari can be submitted at http://bugreport.apple.com.
If you don't have an ADC membership, you can get a free one following the link on that page.
Closing as invalid, since that is our standard procedure for WebKit bugs that end up being Safari bugs instead.
Again, thanks for the report!
And as always, security-related bug reports on Apple products should also be provided to firstname.lastname@example.org.