
Jens Kutilek

Researcher at Netzallee
#37619 of 53,635
7.5 total CVSS
Vulnerabilities · 1
PT-2006-4792
7.5
2006-07-31
Apple · Macos X · CVE-2006-3946
**Name of the Vulnerable Software and Affected Versions**
WebCore in Apple Mac OS X versions 10.3.9 through 10.4.7

**Description**
The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a memory management error in WebKit, possibly due to a buffer overflow. This can be achieved by using JavaScript to change `document.body.innerHTML` within a DIV tag.

**Recommendations**
For Mac OS X versions 10.3.9 through 10.4.7, consider restricting the use of WebCore until a patch is available. As a temporary workaround, avoid using JavaScript that changes `document.body.innerHTML` within a DIV tag to minimize the risk of exploitation.