Document Title:
===============
Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability

Date:
=====
2012-11-26

References:
===========
http://www.vulnerability-lab.com/get_content.php?id=774

VL-ID:
=====
774

Introduction:
=============
http://www.apple.com/downloads/dashboard/reference/dictionnaire.html

Abstract:
=========
The Vulnerability Laboratory Research Team discovered a script code injection vulnerability in Apple's (Mac OS X) Widget Dictionnaire v1.3 software.

Report-Timeline:
================
2012-11-27: Public Disclosure

Status:
========
Published

Exploitation-Technique:
=======================
Local

Severity:
=========
Low

Details:
========
A persistent script code injection vulnerability was detected in the Dictionnaire software, a dictionary of the French language based on TLFi (in French).
The vulnerability allows a local attacker to execute malicious code to compromise the connected client system in the LAN.

The command execution vulnerability is located in the search field of the Dictionnaire module. The injected malicious script code
is executed directly from the result field.

Successful exploitation of the vulnerability results in system compromise via script code injection, persistent software context
manipulation, external malware loads or malicious external redirects.

Vulnerable Software Module(s):
    [+] Search Box

Vulnerable Software Parameter(s):
    [+] Search Field

Proof of Concept:
=================
The software validation vulnerability can be exploited by local attackers with required user interaction and a privileged local system account.
For demonstration or reproduce ...

PoC: Script Code Inject "
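
An added example (not part of the advisory and not Apple's widget code) of the pattern the Details section describes: a search term echoed into the result field, shown beside an output-encoded version. All function names and the sample data are hypothetical; the advisory does not show how the widget builds its result markup.

```javascript
// Added illustration; names (escapeHtml, lookup, renderResult*, renderHistory) are hypothetical.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Constructed stand-in for the dictionary backend.
const ENTRIES = { chat: "Mammifère carnivore domestique." };
function lookup(term) {
  return Object.prototype.hasOwnProperty.call(ENTRIES, term) ? ENTRIES[term] : null;
}

// Vulnerable pattern: the raw search term is concatenated into the result markup,
// so any markup typed into the search field becomes part of the result field.
function renderResultUnsafe(term) {
  const def = lookup(term);
  return def
    ? `<h1>${term}</h1><p>${def}</p>`
    : `<p class="none">Aucun résultat pour: ${term}</p>`;
}

// Hardened: every dynamic value is encoded at output time, including the
// "no result" branch, which is the branch an unknown term always reaches.
function renderResultSafe(term) {
  const def = lookup(term);
  return def
    ? `<h1>${escapeHtml(term)}</h1><p>${escapeHtml(def)}</p>`
    : `<p class="none">Aucun résultat pour: ${escapeHtml(term)}</p>`;
}

// Persistence: store the raw term, and encode it again each time it is re-rendered
// (for example in a list of recent searches).
function renderHistory(storedTerms) {
  return "<ul>" + storedTerms.map((t) => `<li>${escapeHtml(t)}</li>`).join("") + "</ul>";
}

// Constructed sample input containing markup.
const SAMPLE = '"><script>marker()</script>';
```

In a widget with a DOM, assigning the term through `textContent` instead of building an HTML string achieves the same result.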