CVE-2009-0321

Apple Safari 3.2.1 - Denial of Service via Malformed HTTP URI Authority

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0321. PoCs published by Lostmon.

AI-analyzed exploit summary: This Perl script generates an HTML file containing malformed HTTP URIs that trigger a denial-of-service (DoS) condition in Apple Safari 3.2.1 for Windows. The exploit leverages improper input sanitization in the browser's URI handler, causing it to become unstable and unresponsive.

Description

Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Lostmon · perl · dos · windows
https://www.exploit-db.com/exploits/32761

Classification: Working PoC (90%)
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Apple Safari 3.2.1 for Windows
Authentication: none needed
Prerequisites: User interaction required to click the malformed URI link
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48284
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33481

Scores

EPSS 0.0213
EPSS Percentile 79.6%

Details

CWE: CWE-59
Status: published
Products (1): apple/safari 3.2.1
Published: Jan 28, 2009
Tracked Since: Feb 18, 2026