CVE-2006-6015

macOS 10.4 - Denial of Service via JavaScript Regular Expression exec Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6015. PoCs published by jbh_cg.

AI-analyzed exploit summary This exploit leverages a JavaScript regular expression vulnerability in Apple Safari to trigger a denial-of-service (DoS) condition by causing excessive memory consumption during regex execution. The PoC demonstrates a crash but does not confirm remote code execution.

Description

Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.

Exploits (1)

exploitdb WORKING POC VERIFIED

by jbh_cg · htmldososx

https://www.exploit-db.com/exploits/29007

View Code ZIP pw:eip

This exploit leverages a JavaScript regular expression vulnerability in Apple Safari to trigger a denial-of-service (DoS) condition by causing excessive memory consumption during regex execution. The PoC demonstrates a crash but does not confirm remote code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple Safari 2.0.4

No auth needed

Prerequisites: Victim must visit a malicious webpage or execute the JavaScript code

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21053

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/451823/100/0/threaded

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/451542/100/0/threaded

Scores

EPSS 0.0369

EPSS Percentile 88.3%

Details

Status published

Products (1)

apple/mac_os_x 10.4

Published Nov 21, 2006

Tracked Since Feb 18, 2026