Info

Disclosure

Sep 16, 2005

Discovery

Unknown

Dates

Exploit

Sep 16, 2005

Solution

Unknown

Description

Apple Safari contains a flaw that may allow a URI to cause a denial of service. The issue is triggered when a malformed data:// URI is loaded, which will result in a crash of the browser.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 2.0.2 (416.13) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Apple Computer, Inc.

Safari

2.01 (412.5)

References

Bugtraq ID: 14868
Secunia Advisory ID: 16875
CVE ID: 2005-3018 (see also: NVD)
ISS X-Force ID: 22331
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-09/0225.html

Credit

Jonathan Rockway - jonjrock.us - http://www.jrock.us/

Direct URL: http://osvdb.org/19569