CVE-2009-0162

EIP tracks 1 public exploit for CVE-2009-0162. PoCs published by Billy Rios.

AI-analyzed exploit summary This exploit leverages an input-validation vulnerability in Apple Safari to read local files via XMLHttpRequest and exfiltrate their contents to a remote server. It demonstrates arbitrary JavaScript execution in the local security zone.

Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 Public Beta, on Apple Mac OS X 10.5 before 10.5.7 and Windows allows remote attackers to inject arbitrary web script or HTML via a crafted feed: URL.