Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Apple Safari for Windows feed:// URL Denial of Service Vulnerability

Apple Safari for Windows feed:// URL Denial of Service Vulnerability

From: Trancer <mtrancer_at_gmail.com>
Date: Wed, 13 Jun 2007 03:42:02 +0300

Apple Safari for Windows feed:// URL Denial of Service Vulnerability

Versions: Apple Safari For Windows 3 Beta

Apple Safari for Windows is prone to a denial-of-service vulnerability
because it fails to properly handle crafted feed:// link.

Proof-of-Concept: .
Link: feed://%
Exploit: DoS
Yes, this will crash Safari. Yes, it's that easy.
Note that this doesn't work with http://, ftp://, gopher:// and etc'.

Reference:
http://www.rec-sec.co.il/2007/06/12/apple-safari-for-windows-vulnerabilities/#exp

Credit:
Moshe Ben-Abu of BugSec is credited with discovering this vulnerability.

Vendor has been notified. 

-- 
Moshe Ben-Abu :: Trancer
0nly Human...
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Jun 12 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]