Lucene search
AbysssecEDB-ID:17575HistoryJul 26, 2011 - 12:00 a.m.
Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)
2011-07-2600:00:00
Abysssec
www.exploit-db.com
32
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8.7
Confidence
High
EPSS
0.546
Percentile
97.7%
Abysssec Public Advisory
apple killed one of our 0day no point to keep it private anymore :(
there is another version of exploit using POPup and thats more
reliable but as you know safari block pop up by default so we found a
cool way to bypass it and stand alone module .
this exploiting using ROP to bypass permanent DEP.
note : Change spray range if not work on your machine.
CVE-2011-0222 :
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers
to execute arbitrary code or cause a denial of service (memory
corruption and application crash)
via a crafted web site a different vulnerability than other WebKit
CVEs listed in APPLE-SA-2011-07-20-1.
Tested on windows XP SP3 and safari 5.0.5
feel free to contact us at : info [at] abysssec.com
and follow @abysssec for updates
http://www.abysssec.com/files/CVE-2011-0222_WinXP_Exploit.zip
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17575.zip (CVE-2011-0222_WinXP_Exploit.zip)Related
seebug
seebug
Safari 5.0.5 SVG Remote Code Execution Exploit (DEP bypass)
2011-07-27 00:00:00
Safari SVG DOM processing PoC
2011-07-26 00:00:00
Apple Safari 5.1ๅ5.0.6ไนๅ็ๆฌๅคไธชๅฎๅ
จๆผๆด
2011-07-22 00:00:00
prion
prion
Memory corruption
2011-07-21 23:55:00
exploitdb
exploitdb
Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC)
2011-07-25 00:00:00
cvelist
cvelist
CVE-2011-0222
2011-07-21 23:00:00
cve
cve
CVE-2011-0222
2011-07-21 23:55:02
exploitpack
exploitpack
Apple Safari 5.0.65.1 - SVG DOM Processing (PoC)
2011-07-25 00:00:00
Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)
2011-07-26 00:00:00
ubuntucve
ubuntucve
CVE-2011-0222
2011-07-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari WebKit SVG Memory Corruption (CVE-2011-0222)
2011-11-15 00:00:00
nvd
nvd
CVE-2011-0222
2011-07-21 23:55:02
openvas
openvas
Apple Safari Multiple Vulnerabilities - July 2011
2011-07-27 00:00:00
Apple Safari Multiple Vulnerabilities - July 2011 (Mac OS X)
2011-08-12 00:00:00
Apple Safari Multiple Vulnerabilities (Jul 2011) - Mac OS X
2011-08-12 00:00:00
securityvulns
securityvulns
WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
2011-08-01 00:00:00
APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6
2011-07-22 00:00:00
Apple iTunes multiple security vulnerabilities
2011-10-16 00:00:00
nessus
nessus
Safari < 5.1 Multiple Vulnerabilities
2011-07-21 00:00:00
Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)
2012-06-19 00:00:00
Mac OS X : Apple Safari < 5.1 / 5.0.6
2011-07-21 00:00:00
CVSS2
9.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
8.7
Confidence
High
EPSS
0.546
Percentile
97.7%
Related for EDB-ID:17575