Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)

EDB-ID: 17575

Author: Abysssec

Type: remote

Platform: Windows

Date: 2011-07-26



Abysssec Public Advisory

   Apple killed one of our 0days, so there is no point keeping it private anymore :(
   There is another version of the exploit using a popup, and that one is more
reliable, but as you know Safari blocks popups by default, so we found a
cool way to bypass it as a stand-alone module.
   This exploit uses ROP to bypass permanent DEP.

   Note: change the spray range if it does not work on your machine.

   CVE-2011-0222:

   WebKit, as used in Apple Safari before 5.0.6, allows remote attackers
to execute arbitrary code or cause a denial of service (memory
corruption and application crash) via a crafted web site, a different
vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

   Tested on Windows XP SP3 and Safari 5.0.5.

   Feel free to contact us at: info [at] abysssec.com

   and follow @abysssec for updates.

   http://www.abysssec.com/files/CVE-2011-0222_WinXP_Exploit.zip
   https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/17575.zip (CVE-2011-0222_WinXP_Exploit.zip)