Safari Flaw Worse Than First Thought, Microsoft Warns

Microsoft is warning that a previously disclosed flaw in Apple's Safari browser could have dire consequences for Windows users.

The Safari bug, originally disclosed on May 15 by security researcher Nitesh Dhanjani, allows attackers to litter a victim's desktop with executable files, an attack known as "carpet bombing."

It turns out that if this flaw is exploited in combination with a second unpatched bug in Internet Explorer, attackers can run unauthorized software on a victim's computer, according to Aviv Raff, a security researcher. Raff says he originally reported the IE flaw to Microsoft more than a year ago, and then told them about how it could be combined with the carpet bombing bug just over a week ago.

Link:
http://www.pcworld.com/businesscenter/article/146537/...