Apple Safari Nested 'object' Tag Remote Denial Of Service Vulnerability Network Vulnerability

Summary

The host is installed with Apple Safari and is prone to Denial Of Service vulnerability

Impact

Successful exploitation allows remote attacker to crash the affected browser. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

The flaw is due to an error in 'JavaScriptCore.dll' when processing HTML document composed of many successive occurrences of the '<object>' substring.

Affected

Apple Safari 4.0.5 on Windows

References

http://downloads.securityfocus.com/vulnerabilities/exploits/38884.php
http://en.securitylab.ru/nvd/392298.php
http://vul.hackerjournals.com/?p=7517

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1131
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Asterisk Products Invalid SDP SIP Channel Driver DoS Vulnerability
Apple iTunes Multiple Vulnerabilities
Comodo Internet Security Denial of Service Vulnerability-01
Apache APR-Utils Multiple Denial of Service Vulnerabilities
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)

Apple Safari Nested 'object' Tag Remote Denial Of Service vulnerability

Take action and discover your vulnerabilities