CVE-2007-0342

HIGH

Apple Safari - Denial of Service via TD ROWSPAN Attribute

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0342. PoCs published by Tom Ferris.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) in Apple WebKit by leveraging a memory access vulnerability in WebCore::ArrayImpl when processing a malformed HTML table with an excessively large ROWSPAN value. The PoC causes a segmentation fault due to invalid memory access.

Description

WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Tom Ferris · textdososx
https://www.exploit-db.com/exploits/29461

This exploit triggers a denial-of-service (DoS) in Apple WebKit by leveraging a memory access vulnerability in WebCore::ArrayImpl when processing a malformed HTML table with an excessively large ROWSPAN value. The PoC causes a segmentation fault due to invalid memory access.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Apple WebKit build 18794
No auth needed
Prerequisites: Victim must open a malicious HTML document in an application using vulnerable WebKit
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22059
Exploit, Vendor Advisory x_refsource_misc
http://security-protocols.com/sp-x41-advisory.php

Scores

CVSS v3 7.5
EPSS 0.0216
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-399 CWE-476
Status published
Products (4)
apple/mac_os_x 10.4.8
apple/safari 2.0.4_419.3
apple/webkit build_18794
omnigroup/omniweb 5.5.3
Published Jan 18, 2007
Tracked Since Feb 18, 2026