Info

Disclosure

Jul 31, 2006

Discovery

Unknown

Dates

Exploit

Jul 31, 2006

Solution

Unknown

Description

Safari contains a flaw that may allow a malicious user to execute arbitrary code. The issue is caused due to an error in the 'KHTMLParser::popOneBlock()' function that can be exploited to cause a memory corruption via a script element in a div element redefining the document body. It is possible that the flaw may allow remote arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

Products

Apple Computer, Inc.	Mac OS X	10.4
		10.4.1
		10.4.2
		10.4.3
		10.4.4
		10.4.5
		10.4.6
		10.4.7
		10.3.x

References

FrSIRT Advisory: ADV-2006-3069
Bugtraq ID: 19250
Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
Related OSVDB ID: 29267 29268 29269 29270 29271 29272 29273 29274 29276
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_031.html
Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html ......
Secunia Advisory ID: 21271 22187
CVE ID: 2006-3946 (see also: NVD)
Keyword: MoBB #31

Credit

Jose Avila III -
Pusscat -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Apple Computer, Inc.

Mac OS X

References

Credit