search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Mac OS X Safari "Show in Finder" option may allow arbitrary file execution

Vulnerability Note VU#773190

Original Release Date: 2004-08-24 | Last Revised: 2004-09-07


Mac OS X Safari "Show in Finder" option may automatically open and execute downloaded files. This could allow an attacker to execute arbitrary code.


Safari is the default web browser for Mac OS X. Safari has a "Show in Finder" option to allow users to automatically reveal the location of downloaded files in a Finder (the default OS X file browser) window. This feature is flawed as Finder may attempt to automatically open and execute certain types of files when the location is revealed.


An attacker may be able to execute arbitrary code since certain files may automatically open without verification of their contents.


Apple has released a security update labeled APPLE-SA-2004-06-07 to address this issue. Information regarding the update can be found at

Vendor Information


Apple Computer Inc. Affected

Updated:  August 24, 2004



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


This issue was resolved by Apple Computer Inc. Information regarding the resolution can be found at

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was publicly reported by Apple Product Security.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2004-0539
Severity Metric: 0.27
Date Public: 2004-06-07
Date First Published: 2004-08-24
Date Last Updated: 2004-09-07 20:06 UTC
Document Revision: 121

Sponsored by CISA.