Apple Macintosh OS X .DS_Store Directory Listing Disclosure Vulnerability

A vulnerability has been found in certain configurations of Macintosh OS X.

A remote attacker may read obtain web directory content information by submitting a URL to the vulnerable host's web service of the following form:

http://www.example.com/target_directory/.DS_store.

This information could provide an attacker with sensitive information including system configuration, installed applications, etc. Properly exploited, this information could allow an attacker to further compromise the security of the host.


 

Privacy Statement
Copyright 2010, SecurityFocus