CVE-2005-3018

Apple Safari - Denial of Service via Crafted data:// URL


Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3018. PoCs published by Jonathan Rockway.

AI-analyzed exploit summary: This exploit demonstrates a memory corruption vulnerability in Apple Safari by using malformed 'data:' URIs, which can cause the browser to crash. The PoC suggests potential for arbitrary code execution, though this is unconfirmed.

Description

Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jonathan Rockway · textdososx
https://www.exploit-db.com/exploits/26271

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Apple Safari (versions affected by CVE-2005-3018)
No auth needed
Prerequisites: Victim must open a malformed 'data:' URI in Apple Safari
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22331
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112715234411672&w=2
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16875/
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14868
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/19569

Scores

EPSS 0.0300
EPSS Percentile 85.7%

Details

Status published
Products (9)
apple/safari 1.0
apple/safari 1.1
apple/safari 1.2
apple/safari 1.2.1
apple/safari 1.2.2
apple/safari 1.2.3
apple/safari 1.3
apple/safari 2.0
apple/safari 2.0.1
Published Sep 21, 2005
Tracked Since Feb 18, 2026