PT-2006-4792 · Apple · Macos X+2
Jens Kutilek
·
Published
2006-07-31
·
Updated
2017-07-20
·
CVE-2006-3946
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
WebCore in Apple Mac OS X versions 10.3.9 through 10.4.7
Description
The issue allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a memory management error in WebKit, possibly due to a buffer overflow. This can be achieved by using Javascript to change
document.body.innerHTML within a DIV tag.Recommendations
For Mac OS X versions 10.3.9 through 10.4.7, consider restricting the use of WebCore until a patch is available. As a temporary workaround, avoid using Javascript that changes
document.body.innerHTML within a DIV tag to minimize the risk of exploitation.Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Macos X
Webcore
Webkit