WebKit Floating Point Number Remote Buffer Overflow Vulnerability

2009-08-11T00:00:00
ID EDB-ID:33164
Type exploitdb
Reporter Apple
Modified 2009-08-11T00:00:00

Description

WebKit Floating Point Number Remote Buffer Overflow Vulnerability. CVE-2009-2195. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/36023/info

WebKit is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Apple Safari 4.0.3 are vulnerable; other applications using WebKit may also be affected. 


Example 1:
---------
<script>
var Overflow = "31337" + 0.313373133731337313373133731337...;
</script>
---------

Example 2:
---------
<img width=0.3133731337313373133731337... src="31337.jpg">
---------