Zero Day Initiative Advisory 10-257

Posted by deepcore on November 23, 2010 – 5:46 pm

Zero Day Initiative Advisory 10-257 – This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the wholeText method of the Text element. When calculating the total size of all the text containing it, the application will wrap a 32-bit integer. The application will use this in an allocation and then later use a different value for populating the buffer. This can lead to code execution under the context of the application.

More:
Zero Day Initiative Advisory 10-257

Tags: Apple, Application, exploit
This post is under “Apple, exploit, OSX security tools” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Cross-Domain Information Leakage / Temporary User Tracking In Safari Secunia Security Advisory 42317 »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Zero Day Initiative Advisory 10-257

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL