[MajorSecurity Advisory #64]Apple Safari 4.0.4 Denial of Service
===========Product: Apple Safari Webbrowser
Advisory-Status: published on 02-02-2010
===========Discovered by: David Vieira-Kurz
===========Apple Safari browser 4.0.4 an prior
===========The Apple Safari browser is a webbrowser based on the WebKit Engine.
In detail, the following flaw was determined:
The Apple Safari browser is prone to a denial of service vulnerability when parsing certain HTML content.
This issue can NOT be lead to remote code execution, so that the potential security risk is rated low.
The exploit has been tested on Windows Vista SP2 with Safari 4.0.4 using following useragent:
Mozilla/5.0 (Windows; U; Windows NT 6.0; de-DE) AppleWebKit/531.21.8 (KHTML, like Gecko) Version/4.0.4 Safari/531.21.10
Proof of Concept:
===============MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationtestings, security audits,
source code reviews and reliable proof of concepts.
You will find more Information about MajorSecurity at
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact firstname.lastname@example.org for permission.