CVE-2006-3946

Name of the Vulnerable Software and Affected Versions WebCore in Apple Mac OS X versions 10.3.9 through 10.4.7

Description The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a memory management error in WebKit, possibly due to a buffer overflow. This can be achieved by using Javascript to change document.body.innerHTML within a DIV tag.

Recommendations For Mac OS X versions 10.3.9 through 10.4.7, consider restricting the use of WebCore until a patch is available. As a temporary workaround, avoid using Javascript that changes document.body.innerHTML within a DIV tag to minimize the risk of exploitation.