Lucene search
Alexey SintsovEDB-ID:12614HistoryMay 15, 2010 - 12:00 a.m.
Apple Safari 4.0.5 - 'parent.close()' Memory Corruption (ASLR + DEP Bypass)
2010-05-1500:00:00
Alexey Sintsov
www.exploit-db.com
18
AI Score
7.4
Confidence
Low
Download:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12614.zip (safari_parent_close_sintsov.zip)
Unzip and run START.htm
This exploit use JIT-SPRAY for DEP and ASLR bypass.
jit-shellcode: system("notepad")
0day.html - use 0x09090101 address for CALL JITed shellcode.
START.htm -> iff.htm -> if1.htm -> 0day.html
| |
| |
JIT-SPRAY parent.close();
0x09090101 - JITed * ESI=0x09090101
shellcode * CALL ESI
By Alexey Sintsov
from
Digital Security Research Group
[www.dsecrg.com]Related
checkpoint_advisories
checkpoint_advisories
Apple Safari parent.close Code Execution (CVE-2010-1939)
2010-07-02 00:00:00
Apple Safari parent.close Code Execution - Ver2 (CVE-2010-1939)
2014-01-07 00:00:00
Apple Safari Parent.Close User After Free - Ver2 (CVE-2010-1939)
2014-02-03 00:00:00
saint
saint
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
Apple Safari parent.close() Invalid Pointer Code Execution
2010-05-28 00:00:00
exploitdb
exploitdb
cvelist
cvelist
CVE-2010-1939
2010-05-13 22:00:00
prion
prion
Design/Logic Flaw
2010-05-13 22:30:00
cve
cve
CVE-2010-1939
2010-05-13 22:30:00
debiancve
debiancve
CVE-2010-1939
2010-05-13 22:30:00
nvd
nvd
CVE-2010-1939
2010-05-13 22:30:00
cert
cert
Apple Safari window object invalid pointer vulnerability
2010-05-10 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (Mar 2010)
2010-03-23 00:00:00
Apple Saferi multiple vulnerabilities (Mar10)
2010-03-23 00:00:00