CVE-2009-2195
Apple Safari < 4.0.3 - Remote Code Execution via Crafted Floating-Point Numbers
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2195. PoCs published by Apple.
AI-analyzed exploit summary
The exploit demonstrates a buffer overflow vulnerability in WebKit by using malformed numeric values in JavaScript or HTML attributes. This can lead to arbitrary code execution or denial-of-service in vulnerable versions of Safari and other WebKit-based applications.
Description
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
Exploits (1)