CVE-2014-1303
Published 2014-03-26
Priority P2 · CVSS 2.0 score 10.0 (critical) · vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: public PoC available · EPSS 34.78% (98.2nd percentile)
Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | safari | 7.0.2 (per the CVE description) | 7.0.3 (HT6181); the same WebKit fix shipped in iOS 7.1.1 (HT6208) |
Detection & IOCs (extracted from sources)
- The exploit is delivered as a malicious HTML page (exploit.html) served from a web server. Monitor for WebKit-based clients (Safari 7.0.2, WebKitGTK 2.1.2, PS4 firmware < 2.50) fetching exploit.html together with the ROP-chain JavaScript files (roputil.js, syscall.js, code.js) from the same origin.
- The PS4 variant uses a fake DNS server (fakedns.py) to redirect the console's User's Guide page to an attacker-controlled host. Detect DNS responses that resolve known Sony/PS4 hostnames to non-Sony IP addresses.
- Exploitation triggers a heap-based buffer overflow that hands control to a ROP chain. On Linux/WebKitGTK, a browser-process crash or a controlled jump to an invalid address (the PoC's "Crash ROP" test uses 0xdeadbeefdeadbeef) is a strong indicator of an exploitation attempt.
- Post-exploitation capability includes loading and executing a payload fetched from an external network ("Code Execution - Load and execute payload from outer network") and enumerating the filesystem ("/dev" entries). Monitor WebKit browser processes for unexpected outbound connections and filesystem enumeration.
- The PS4 exploit fires when the console navigates to the User's Guide page; the ROP chain pivots the stack pointer (RSP). Monitor PS4 consoles on firmware < 2.50 for unexpected DNS lookups or HTTP requests to non-Sony infrastructure.
- The PS4 PoC is confirmed to work on firmware 2.03; the ROP test is validated only on 2.03, although the heap overflow itself should be triggerable on any firmware < 2.50.
- Red Hat will not fix this issue in webkitgtk (RHEL 6) or webkitgtk3 (RHEL 7); systems running these packages remain exposed for the life of the package.
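The two indicators above that are cheapest to check from existing telemetry are the same-origin fetch of exploit.html plus the ROP helper scripts, and the fakedns.py-style redirection of a console hostname to a non-Sony address (the same pattern the PS4 PoC usage below relies on). The script that follows is an added example, not code from the CVE record or from either PoC repository. The file names come from the IOC list; the log formats, the Sony hostname suffixes, the allow-listed Sony network, the User's Guide hostname and every log record are constructed for the example and must be replaced with what your own proxy and DNS sensors actually emit.

```python
"""Detection heuristics for the CVE-2014-1303 PoC delivery chain (added example).

Constructed log shapes:
  proxy lines: "<ts>|<client_ip>|<user_agent>|<url>"   ('|' so the UA may contain spaces)
  DNS lines:   "<ts> <client_ip> <qname> <answer_ip>"
"""
import ipaddress
from collections import defaultdict
from urllib.parse import urlparse

# File names from the Linux/PS4 PoC IOC list on this page.
EXPLOIT_FILES = {"exploit.html", "roputil.js", "syscall.js", "code.js"}
# A client that fetches exploit.html plus at least this many ROP helper
# scripts from one origin is reported.
MIN_HELPERS = 2

# Assumed console hostname suffixes; adjust to what your DNS telemetry shows.
SONY_SUFFIXES = ("playstation.net", "playstation.com", "sony.com",
                 "sonyentertainmentnetwork.com")
# Assumed allow-list of legitimate Sony address space (placeholder RFC 5737 range).
SONY_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_proxy_line(line):
    ts, client, ua, url = line.rstrip("\n").split("|", 3)
    return {"ts": ts, "client": client, "ua": ua, "url": url}


def is_webkit_ua(ua):
    """Crude WebKit-family filter: Safari, WebKitGTK and the PS4 browser."""
    ua_l = ua.lower()
    return any(tag in ua_l for tag in ("applewebkit", "webkitgtk", "playstation"))


def find_exploit_clusters(lines):
    """Return {(client, origin): files} for WebKit clients that fetched
    exploit.html and >= MIN_HELPERS of the ROP helper scripts from one origin."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_proxy_line(line)
        if not is_webkit_ua(rec["ua"]):
            continue
        u = urlparse(rec["url"])
        name = u.path.rsplit("/", 1)[-1]
        if name in EXPLOIT_FILES:
            seen[(rec["client"], f"{u.scheme}://{u.netloc}")].add(name)
    hits = {}
    for key, files in seen.items():
        if "exploit.html" in files and len(files - {"exploit.html"}) >= MIN_HELPERS:
            hits[key] = files
    return hits


def is_sony_name(qname):
    """Suffix match on a label boundary, so 'notplaystation.net' does not match."""
    q = qname.lower().rstrip(".")
    return any(q == s or q.endswith("." + s) for s in SONY_SUFFIXES)


def find_dns_redirects(lines):
    """Return (client, qname, answer) for Sony hostnames that resolved to an
    address outside SONY_NETS, which is what fakedns.py produces."""
    hits = []
    for line in lines:
        ts, client, qname, answer = line.split()
        if not is_sony_name(qname):
            continue
        try:
            addr = ipaddress.ip_address(answer)
        except ValueError:
            continue  # malformed answer field; not an IP
        if not any(addr in net for net in SONY_NETS):
            hits.append((client, qname, answer))
    return hits


# Constructed sample telemetry, not real captures.
PS4_UA = "Mozilla/5.0 (PlayStation 4 2.03) AppleWebKit/537.73 (KHTML, like Gecko)"
PROXY_LOG = [
    f"2014-04-01T10:00:01|10.0.0.5|{PS4_UA}|http://198.51.100.7/exploit.html",
    f"2014-04-01T10:00:01|10.0.0.5|{PS4_UA}|http://198.51.100.7/roputil.js",
    f"2014-04-01T10:00:02|10.0.0.5|{PS4_UA}|http://198.51.100.7/syscall.js",
    f"2014-04-01T10:00:02|10.0.0.5|{PS4_UA}|http://198.51.100.7/code.js",
    # one matching file name on its own is not enough
    "2014-04-01T10:05:00|10.0.0.9|Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/33.0|http://example.org/code.js",
    # non-WebKit client is dropped by the UA filter
    "2014-04-01T10:06:00|10.0.0.12|Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0|http://198.51.100.7/exploit.html",
]
DNS_LOG = [
    "2014-04-01T09:59:58 10.0.0.5 manuals.playstation.net 198.51.100.7",          # fakedns redirect
    "2014-04-01T09:59:59 10.0.0.5 auth.api.sonyentertainmentnetwork.com 203.0.113.10",  # allow-listed
    "2014-04-01T10:00:00 10.0.0.9 www.example.org 93.184.216.34",                  # not a Sony name
]

if __name__ == "__main__":
    for (client, origin), files in find_exploit_clusters(PROXY_LOG).items():
        print(f"exploit cluster: client={client} origin={origin} files={sorted(files)}")
    for client, qname, answer in find_dns_redirects(DNS_LOG):
        print(f"dns redirect: client={client} {qname} -> {answer}")
```

Both checks are deliberately correlated rather than single-indicator: code.js or syscall.js on their own are common names, and a Sony hostname resolving outside a hand-kept allow-list will produce false positives until the allow-list is built from an observed baseline of the consoles on your network.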
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 10.0 | CRITICAL | — |
Red Hat
webkitgtk: heap-based buffer overflow (WSA-2015-0001)
vendor_redhat · 2015-01-26 · CVSS 10.0 · CRITICAL · CWE-122
Statement: Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Will not fix
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Will not fix
VulDB
WebKit memory corruption (HT6181 / EDB-44204)
vuldb · 2026-05-09 · CVSS 10.0 · CRITICAL
A vulnerability rated critical has been identified in WebKit; the affected code is unknown. Exploitation causes memory corruption, the attack can be initiated remotely, and a public exploit is available. Upgrade the affected component.
VulDB
Apple iOS up to 7.1 WebKit memory corruption (HT6208 / EDB-44204)
vuldb · 2026-05-09 · CVSS 10.0 · CRITICAL
A vulnerability rated critical has been identified in Apple iOS up to 7.1, in an unknown function of the WebKit component. Exploitation causes memory corruption, the attack can be initiated remotely, and a public exploit exists. Upgrade the affected component.
GHSA
GHSA-j8m8-7p44-642f: Heap-based buffer overflow in Apple Safari 7
ghsa_unreviewed · 2022-05-17 · HIGH · CWE-119
No detection rules found.
Exploit-DB
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow
exploitdb · 2017-08-19 · CVSS 10.0 · CRITICAL
---
# CVE-2014-1303 PoC for Linux
CVE-2014-1303 (WebKit Heap based BOF) proof of concept for Linux.
This repository demonstrates the WebKit heap based buffer overflow vulnerability (CVE-2014-1303) on **Linux**.
**NOTE:** The original exploit is written for Mac OS X and PS4 (PlayStation 4).
I've ported it and tested that it works on Ubuntu 14.04 with [WebKitGTK 2.1.2](https://webkitgtk.org/releases/).
## Usage
First, you need to run a simple web server:
```
$ python server.py
```
then
```
$ cd /path/to/webkitgtk2.1.2/
$ ./Programs/GtkLauncher http://localhost
```
You can run several tests, such as:
- Crash ROP (Jump to invalid address like 0xdeadbeefdeadbeef)
- Get PID (Get current PID)
- Code Execution (Load and execute payload from outer network)
- Fi
Exploit-DB
Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC)
exploitdb · 2016-04-21
---
CVE-2014-1303 Proof of Concept for PS4
This repository contains a PoC for CVE-2014-1303, originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03 but should work for systems on a firmware < 2.50; the ROP test, however, will only work on 2.03.
Usage
You need to edit dns.conf to point to the IP address of your machine, and modify your console's DNS settings to point to it as well. Then run
`python fakedns.py -c dns.conf`
then
`python server.py`
Debug output will come from this process.
Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted s
References
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html
- http://twitter.com/thezdi/statuses/444157530139136000
- http://www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/
- https://support.apple.com/kb/HT6537