Apple OS X Safari 2.0.3 Multiple Vulnerabilities

Release Date:
April 19th, 2006

Severity:
High

Vendor:
Apple

Versions Affected:
Apple OS X 10.4.6 and prior
Safari 2.0.3 (417.9.2) and all prior versions

Overview:
Multiple vulnerabilities exist within Safari 2.0.3 (417.9.2) and all prior versions which causes the application to crash, and or may allow for an attacker to execute arbitrary code. Below are the crash address, and links to basic PoC to reproduce the crashes.

Technical Details:
0x95940f9c in KWQListIteratorImpl::KWQListIteratorImpl ()

sp-x26-1.html

0x95aa1b64 in QPainter::drawText ()

sp-x26-2.html

0xfffeff20 in objc_msgSend_rtp ()

sp-x26-4.html

Vendor Status:
Apple was notified of these issues on 01/06/2006.

Solution:
Currently no patches have been released for these vulnerabilities.

As Ilja has once said, "it is trivial to get Safari to crash". He is right...

Discovered by:
Tom Ferris
tommy[at]security-protocols[dot]com

Related Links:
http://security-protocols.com/poc/sp-x26-1.html
http://security-protocols.com/poc/sp-x26-2.html
http://security-protocols.com/poc/sp-x26-4.html
http://apple.com/macosx/

Security-Protocols.com :: 1999-2008