Added: 09/16/2009
CVE: CVE-2009-2195
BID: 36023
OSVDB: 56988
Safari is a web browser for Mac OS X and Windows. Safari is built upon the WebKit browser engine.
A buffer overflow vulnerability in WebKit allows command execution when a user loads a page that contains a specially crafted floating-point number.
Upgrade to Safari 4.0.3 or higher.
<http://support.apple.com/kb/HT3733>
The exploit works on Safari 4.0.2 and requires a user to load the exploit page.
After the page is loaded, there may be a delay before the exploit succeeds.
Windows XP
Mac OS X 10.4