CVE-2009-0321

Apple Safari 3.2.1 - DoS

Title source: llm

Description

Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Lostmon · perldoswindows

https://www.exploit-db.com/exploits/32761

View Code ZIP pw:eip

References (4)

[Exploit] http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html

[Exploit] http://www.securityfocus.com/bid/33481

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48284

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091

Scores

EPSS 0.0379

EPSS Percentile 87.9%

Classification

CWE

CWE-59

Status draft

Affected Products (1)

apple/safari

Timeline

Published Jan 28, 2009

Tracked Since Feb 18, 2026