CVE-2007-2580

Apple Safari - Unprotected Keychain Password Exposure via JavaScript Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-2580. PoCs published by poplix.

AI-analyzed exploit summary: This exploit leverages AppleScript to execute JavaScript in Safari, extracting password values from a form field. It demonstrates an information leakage vulnerability in Safari.

Description

Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by poplix · javascript · local · osx
https://www.exploit-db.com/exploits/29950


Classification: Working PoC (90%)
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Apple Safari (unspecified version)
No auth needed
Prerequisites: Safari must be running on macOS · Attacker must have local access or ability to execute AppleScript
devstral-2 · analyzed Feb 16, 2026

References (12)

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468719/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/467676/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2685
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468650/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468639/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468737/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468727/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23825
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468869/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468544/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/35569
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468585/100/0/threaded

Scores

EPSS: 0.0074
EPSS Percentile: 49.8%

Details

Status: published
Products (1): apple/safari
Published: May 09, 2007
Tracked Since: Feb 18, 2026