Vulnerabilities > CVE-2009-0070 - Numeric Errors vulnerability in Apple Safari

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
apple
CWE-189
critical
exploit available

Summary

Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.

Vulnerable Configurations

Part Description Count
Application
Apple
1

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionSafari (Arguments) Array Integer Overflow PoC (New Heap Spray). CVE-2009-0070. Dos exploits for multiple platform
fileexploits/multiple/dos/7673.html
idEDB-ID:7673
last seen2016-02-01
modified2009-01-05
platformmultiple
port
published2009-01-05
reporterSkylined
sourcehttps://www.exploit-db.com/download/7673/
titleSafari Arguments Array Integer Overflow PoC New Heap Spray
typedos