Apple Safari for Windows Unspecified Denial of Service Vulnerability
TITLE: Apple Safari for Windows Unspecified Denial of Service Vulnerability
CLASS: Input Validation Error
CVE:
REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 11 2007 12:00AM
UPDATE: Jun 12 2007 10:09AM
CREDIT: Aviv Raff is credited with discovering this vulnerability.
VULNERABLE:
Apple Safari For Windows 3 BetaNOT VULNERABLE:
Vai alla pagina originale su Security Focus
Discussion
Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle user-supplied input.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Reports indicate that remote code execution may be possible, but it has not been confirmed.
Safari 3 public beta for windows is reported vulnerable.
Exploit
An attacker may exploit this issue by enticing victims into viewing a maliciously crafted webpage.
Solution
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.
References
References:
- Apple Safari for Windows - Out with a crash (Aviv Raff On .NET)
- Safari Homepage (Apple)