Full Disclosure mailing list archives

CVE-2008-2303 proof of concept and more


From: "Berend-Jan Wever" <berendjanwever () gmail com>
Date: Mon, 5 Jan 2009 18:35:55 +0100

CVE-2008-2303 covers an integer overflow in the handling of indices in
the "arguments" array in Apple Safari that affects iPhone, iPod and PC
(Mac and Windows). It was fixed in Safari 3.2 for iPhone and iPod in
July and for PC in November. More details here:
http://support.apple.com/kb/HT3298


Simple repro:
http://skypher.com/SkyLined/Repro/Safari/arguments%5B0x800000000%5D/repro.html

I have also created proof of concept code that shows potential
exploitability and demonstrates how to use heap-spraying in Safari.
AFAIK this is the first use of heap spraying in Safari, but I may be
wrong. Heap spraying in Safari is not that different from other
browsers, just backwards ;)

http://skypher.com/SkyLined/Repro/Safari/arguments%5B0x800000000%5D/poc.html

No, script-kiddies, it is not a working "insert download and execute
code here" exploit - view source for the win!!


I have created a list of software vulnerabilities, including
previously unreleased material, on my website:

http://skypher.com/wiki/index.php?title=List_of_software_vulnerabilities


Cheers,


SkyLined


--------------------------------------------------------------------------------------------------------
Berend-Jan Wever <berendjanwever () gmail com> http://skypher.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
