Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4504 — Apple Textedit vulnerability

5 documents3 sources

Severity

7.8HIGHNVD

NVD6.4

EPSS

36.8%

top 2.85%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Textedit Apple MAC OS X Apple MAC OS X Server +1 more

Timeline

PublishedDec 22

Latest updateMay 1

Description

The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages4 packages

▶NVDapple/textedit1.4

▶NVDapple/safari10 versions+9

▶NVDapple/mac_os_x36 versions+35

▶NVDapple/mac_os_x_server32 versions+31

🔴Vulnerability Details

GHSA

GHSA-p6x7-qq78-p256: Stack-based buffer overflow in Safari in Mac OS X 10↗2022-05-01

▶

GHSA

GHSA-3cpr-wjhh-6mx6: The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Apple Mac OSX - KHTMLParser Remote Denial of Service↗2005-12-22

▶