CVE-2006-2019

Apple Safari - Denial of Service via TD Element Rowspan Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2019. PoCs published by Yannick von Arx.

AI-analyzed exploit summary This exploit leverages a vulnerability in Safari 2.0.3 causing a denial-of-service (DoS) condition by triggering excessive resource consumption via a malformed HTML table with an extremely large ROWSPAN value. The attack results in system slowdown and eventual crash of the Safari browser.

Description

Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yannick von Arx · htmldososx

https://www.exploit-db.com/exploits/1715

View Code ZIP pw:eip

This exploit leverages a vulnerability in Safari 2.0.3 causing a denial-of-service (DoS) condition by triggering excessive resource consumption via a malformed HTML table with an extremely large ROWSPAN value. The attack results in system slowdown and eventual crash of the Safari browser.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple Safari 2.0.3 (417.9.2)

No auth needed

Prerequisites: Victim must open the malicious HTML file in Safari 2.0.3

MITRE ATT&CK