CVE-2008-0729

Mobile Safari 1.1.2-1.1.3 - Denial of Service via JavaScript String and Array Manipulation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0729. PoCs published by c0ntex, fuzion.

AI-analyzed exploit summary This is a heap spray exploit PoC targeting a browser vulnerability (likely CVE-2008-0552 or similar). It attempts to trigger a crash by filling memory with a pattern and shellcode, though the shellcode is minimal and non-functional.

Description

Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers to cause a denial of service (memory exhaustion and device crash) via certain JavaScript code that constructs a long string and an array containing long string elements, possibly a related issue to CVE-2006-3677. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by c0ntex · htmldoshardware

https://www.exploit-db.com/exploits/4978

View Code ZIP pw:eip

This is a heap spray exploit PoC targeting a browser vulnerability (likely CVE-2008-0552 or similar). It attempts to trigger a crash by filling memory with a pattern and shellcode, though the shellcode is minimal and non-functional.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Internet Explorer (likely IE6/IE7)

No auth needed

Prerequisites: Victim must visit a malicious webpage · Vulnerable browser version

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by fuzion · htmldosios

https://www.exploit-db.com/exploits/31057

View Code ZIP pw:eip

This exploit targets a remote denial-of-service vulnerability in Apple iPhone (1.1.2 and 1.1.3) by triggering a kernel panic via a maliciously crafted webpage. The PoC uses JavaScript to manipulate memory with shellcode and fill patterns, potentially leading to a crash.