CVE-2018-4328

HIGH

Safari < 12 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4328. PoCs published by Google Security Research.

AI-analyzed exploit summary This PoC demonstrates an out-of-bounds read vulnerability in WebKit (CVE-2018-4328) by manipulating DOM elements and CSS properties, triggering a heap-buffer-overflow in the rendering engine. The exploit is confirmed on Safari 11.1.1 and WebKit revision 233419.

Description

Multiple memory corruption issues were addressed with improved memory handling. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · htmldosmultiple

https://www.exploit-db.com/exploits/45483

View Code ZIP pw:eip

This PoC demonstrates an out-of-bounds read vulnerability in WebKit (CVE-2018-4328) by manipulating DOM elements and CSS properties, triggering a heap-buffer-overflow in the rendering engine. The exploit is confirmed on Safari 11.1.1 and WebKit revision 233419.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: WebKit (Safari 11.1.1)

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →