Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2419. PoCs published by SkyOut.
AI-analyzed exploit summary
This exploit leverages a denial-of-service vulnerability in Apple Safari by attempting to execute a function `crashSafari()` which is not defined, leading to an exception that triggers a page reload and a prompt. The vulnerability arises from improper input sanitization, potentially causing the browser to crash.
Description
Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML document that references a zero-length .js file and the JavaScript reload function. NOTE: some of these details are obtained from third party information.