CVE-2010-1177

Safari - Remote Code Execution via Long Crafted Strings in document.write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1177. PoCs published by Nishant Das Patnaik.

AI-analyzed exploit summary This exploit targets a memory corruption vulnerability in Safari on iPhone/iPod Touch (versions 3.1.3 and prior) by overflowing a buffer with a large number of Unicode characters. The PoC attempts to trigger a DoS or potential RCE by exhausting memory resources.

Description

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nishant Das Patnaik · htmlremoteosx

https://www.exploit-db.com/exploits/33811

View Code ZIP pw:eip

This exploit targets a memory corruption vulnerability in Safari on iPhone/iPod Touch (versions 3.1.3 and prior) by overflowing a buffer with a large number of Unicode characters. The PoC attempts to trigger a DoS or potential RCE by exhausting memory resources.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Apple Safari on iPhone/iPod Touch <= 3.1.3

No auth needed

Prerequisites: Victim must visit a malicious webpage using vulnerable Safari on iPhone/iPod Touch

MITRE ATT&CK

T1499.004 - Application or System Exploitation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit x_refsource_misc

http://nishantdaspatnaik.yolasite.com/ipodpoc2.php

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/38994

Scores

EPSS 0.0717

EPSS Percentile 93.5%

Details

CWE

CWE-94

Status published

Products (1)

apple/safari

Published Mar 29, 2010

Tracked Since Feb 18, 2026