CVE-2009-3272

Apple Safari - Denial of Service via JavaScript eval on Long String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3272. PoCs published by Jeremy Brown.

AI-analyzed exploit summary This Perl script generates an HTML file that triggers a denial-of-service (DoS) condition in Safari 3.2.3 (Win32) by exploiting a stack overflow in WebKit.dll via a maliciously crafted JavaScript 'eval' function call.

Description

Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jeremy Brown · perldoswindows_x86

https://www.exploit-db.com/exploits/9606

View Code ZIP pw:eip

This Perl script generates an HTML file that triggers a denial-of-service (DoS) condition in Safari 3.2.3 (Win32) by exploiting a stack overflow in WebKit.dll via a maliciously crafted JavaScript 'eval' function call.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Safari 3.2.3 (Win32)

No auth needed

Prerequisites: Victim must open the generated HTML file in Safari 3.2.3 (Win32)

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43068

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2011/0212

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9606

Scores

EPSS 0.0644

EPSS Percentile 92.8%

Details

CWE

CWE-399

Status published

Products (5)

apple/safari 3.2.3

apple/safari 4.0 (2 CPE variants)

apple/safari 4.0.0b

apple/safari 4.0.2

apple/safari 4.0.3

Published Sep 21, 2009

Tracked Since Feb 18, 2026