CVE-2008-1024: Out-of-bounds Write in Apple Safari

CWE-399 | 33 documents | 4 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 2.1% (top 16.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 17
Latest update: May 1

Description

Apple Safari before 3.1.1, when running on Windows XP or Vista, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file download with a crafted file name, which triggers memory corruption.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD | apple/safari 3, 3.1 +1

🔴 Vulnerability Details (1)

GHSA | GHSA-3xpj-hmjf-h7w3: Apple Safari before 3 | 2022-05-01

💥 Exploits & PoCs (28)

Exploit-DB | UltraVNC 1.0.2 Client - 'vncviewer.exe' Remote Buffer Overflow (Metasploit) | 2012-03-26
Exploit-DB | Avast! 4.7 - 'aavmker4.sys' Local Privilege Escalation | 2010-04-27
Exploit-DB | Solaris 10 / OpenSolaris - 'dtrace' Local Kernel Denial of Service (PoC) | 2009-05-04
Exploit-DB | Apple Mac OSX xnu 1228.3.13 - 'zip-notify' Remote Kernel Overflow (PoC) | 2009-03-23
Exploit-DB | Apple Mac OSX xnu 1228.3.13 - 'Profil' Kernel Memory Leak/Denial of Service (PoC) | 2009-03-23

💬 Community (2)

Bugzilla | CVE-2008-3828 condor: buffer overflow in lookup_macro | 2008-09-25
Bugzilla | CVE-2008-0947 krb5: file descriptor array overflow in RPC library | 2008-02-20