Full Disclosure mailing list archives
Re: Apple Safari for Windows feed:// URL Denial of Service Vulnerability
From: cardoso <cardosolistas () contraditorium com>
Date: Tue, 12 Jun 2007 22:09:03 -0300
Are you sure it's wise to waste resources poking Safari/Windows in search of flaws? The thing DOS itself, my machine (vista home premium, braz. portuguese edition) can't run Safari for more than a few minutes, less, if I try do actually open a website. I'm an Apple fanboy, proud owner of a Macbook, but I think this abomination is the worst piece of software I ever installed, including Windows Me and Microsoft Bob. On Wed, 13 Jun 2007 03:42:02 +0300 Trancer <mtrancer () gmail com> wrote:
Apple Safari for Windows feed:// URL Denial of Service Vulnerability Versions: Apple Safari For Windows 3 Beta Apple Safari for Windows is prone to a denial-of-service vulnerability because it fails to properly handle crafted feed:// link. Proof-of-Concept: . Link: feed://% Exploit: <a href="feed://%">DoS</a> Yes, this will crash Safari. Yes, it's that easy. Note that this doesn't work with http://, ftp://, gopher:// and etc'. Reference: http://www.rec-sec.co.il/2007/06/12/apple-safari-for-windows-vulnerabilities/#exp Credit: Moshe Ben-Abu of BugSec is credited with discovering this vulnerability. Vendor has been notified. -- Moshe Ben-Abu :: Trancer 0nly Human... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
------------------------------------------------------------- Carlos Cardoso http://www.carloscardoso.com <== blog semi-pessoal http://www.contraditorium.com <== ProBlogging e cultura digital "You lost today, kid. But that doesn't mean you have to like it" _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Apple Safari for Windows feed:// URL Denial of Service Vulnerability Trancer (Jun 12)
- Re: Apple Safari for Windows feed:// URL Denial of Service Vulnerability cardoso (Jun 12)