Vulnerability Note VU#773190

Mac OS X Safari "Show in Finder" option may allow arbitrary file execution

Original Release date: 24 Aug 2004 | Last revised: 07 Sep 2004


Mac OS X Safari "Show in Finder" option may automatically open and execute downloaded files. This could allow an attacker to execute arbitrary code.


Safari is the default web browser for Mac OS X. Safari has a "Show in Finder" option to allow users to automatically reveal the location of downloaded files in a Finder (the default OS X file browser) window. This feature is flawed as Finder may attempt to automatically open and execute certain types of files when the location is revealed.


An attacker may be able to execute arbitrary code since certain files may automatically open without verification of their contents.


Apple has released a security update labeled APPLE-SA-2004-06-07 to address this issue. Information regarding the update can be found at

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Apple Computer Inc.Affected-24 Aug 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



This vulnerability was publicly reported by Apple Product Security.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2004-0539
  • Date Public: 07 Jun 2004
  • Date First Published: 24 Aug 2004
  • Date Last Updated: 07 Sep 2004
  • Severity Metric: 0.27
  • Document Revision: 121


If you have feedback, comments, or additional information about this vulnerability, please send us email.