Document Title:
===============
Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=774

Release Date:
=============
2012-11-27

Vulnerability Laboratory ID (VL-ID):
====================================
774

Common Vulnerability Scoring System:
====================================
1.3

Product & Service Introduction:
===============================
http://www.apple.com/downloads/dashboard/reference/dictionnaire.html

Abstract Advisory Information:
==============================
The Vulnerability Laboratory Research Team discovered a script code injection vulnerability in Apple's (Mac OS X) Dictionnaire widget v1.3 software.

Vulnerability Disclosure Timeline:
==================================
2012-11-27: Public Disclosure

Discovery Status:
=================
Published

Exploitation Technique:
=======================
Local

Severity Level:
===============
Low

Technical Details & Description:
================================
A persistent script code injection vulnerability was detected in the Dictionnaire software, a dictionary of the French language based on TLFi (in French).
The vulnerability allows a local attacker to execute malicious code to compromise the connected client system in the LAN.

The command execution vulnerability is located in the search field of the Dictionnaire module. The injected malicious script code
is executed directly from the result field.

Successful exploitation of the vulnerability results in system compromise via script code injections, persistent software context
manipulation, external malware loads or malicious external redirects.

Vulnerable Software Module(s):
[+] Search Box

Vulnerable Software Parameter(s):
[+] Search Field

Proof of Concept (PoC):
=======================
The software validation vulnerability can be exploited by local attackers with required user interaction and a privileged local
system account. For demonstration or reproduce ...
PoC: Script Code Inject "
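
Added example (not part of the original advisory and not the widget's own code): the advisory places the flaw in the search field, whose value is executed from the result field, so this sketch shows output encoding at that point. The function names, the markup template and the sample term are assumptions constructed for illustration.

```javascript
// Hypothetical rendering path for a widget that echoes the search term into
// its result field. The widget's real source is not shown in the advisory.

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the term is concatenated into markup as-is, so tags inside it become
// part of the result field once the string is assigned to innerHTML.
function renderResultUnsafe(term, definition) {
  return "<h1>" + term + "</h1><p>" + definition + "</p>";
}

// After: the term and the looked-up definition are both treated as data.
// In the widget itself, assigning to textContent achieves the same effect.
function renderResultSafe(term, definition) {
  return "<h1>" + escapeHtml(term) + "</h1><p>" + escapeHtml(definition) + "</p>";
}

// Regression check: true if the markup contains any element other than the
// two the template itself emits (h1 and p).
function hasUnexpectedTags(markup) {
  const tags = markup.match(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g) || [];
  return tags.some((t) => !/^<\/?(h1|p)$/i.test(t));
}

// Constructed sample input: an inert marker, not taken from the advisory.
const SAMPLE_TERM = "<script>/* constructed marker */</script>";

console.log("unsafe render leaks tags:", hasUnexpectedTags(renderResultUnsafe(SAMPLE_TERM, "def")));
console.log("safe render leaks tags:  ", hasUnexpectedTags(renderResultSafe(SAMPLE_TERM, "def")));
```

The same check can run as a unit test against the widget's result template so that a later change which reintroduces raw concatenation fails the build.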