Safari WebKit floating point number buffer overflowAdded: 09/16/2009
BackgroundSafari is a web browser for Mac OS X and Windows. Safari is built upon the WebKit browser engine.
ProblemA buffer overflow vulnerability in WebKit allows command execution when a user loads a page which contains a specially crafted floating point number.
ResolutionUpgrade to Safari 4.0.3 or higher.
LimitationsExploit works on Safari 4.0.2 and requires a user to load the exploit page.
After the page is loaded, there may be a delay before the exploit succeeds.
Mac OS X 10.4
Back to exploit index