header-logo
Suggest Exploit
vendor:
Safari
by:
Nikita Tarakanov (CISS Research Team), Alex Bazhanyuk (CISS Research Team)
9.3
CVSS
HIGH
SVG DOM processing
94
CWE
Product Name: Safari
Affected Version From: prior to 5.0.6, 5.1
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2011-0222
CPE: apple:safari
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win XP SP3, Win 7 SP1
2011

CVE-2011-0222 Safari SVG DOM processing PoC

A vulnerability in Safari's SVG DOM processing allows an attacker to execute arbitrary code on a vulnerable system. The vulnerability is caused due to an error in the handling of SVG elements, which can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.

Mitigation:

Apple released a patch for this vulnerability in Safari 5.0.6 and 5.1.
Source

Exploit-DB raw data:

/*
# Exploit Title: CVE-2011-0222 Safari SVG DOM processing PoC
# Date: 2011-07-25
# Author: Nikita Tarakanov (CISS Research Team), Alex Bazhanyuk (CISS Research Team)
# Software Link: http://www.apple.com/au/safari/download/
# Version: prior to 5.0.6, 5.1
# Tested on: Win XP SP3, Win 7 SP1
# CVE : CVE-2011-0222
# Status : Patched
*/

PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17567.zip (CVE-2011-0222.zip)