CVE-2006-3946

Published: Jul 31, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted HTML that triggers a "memory management error" in WebKit, possibly due to a buffer overflow, as originally reported for the KHTMLParser::popOneBlock function in Apple Safari 2.0.4 using Javascript that changes document.body.innerHTML within a DIV tag.

Affected (10)

Products: Apple: Safari, Mac Os X

2 products

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apple Safari	Version 2.0.4

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.3.9
Apple Mac Os X	Version 10.4.1
Apple Mac Os X	Version 10.4.2
Apple Mac Os X	Version 10.4.3
Apple Mac Os X	Version 10.4.4
Apple Mac Os X	Version 10.4.5
Apple Mac Os X	Version 10.4.6
Apple Mac Os X	Version 10.4.7
Apple Mac Os X	Version 10.4

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (20)

http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html

Source: cve@mitre.org

Exploit

http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Source: cve@mitre.org

http://secunia.com/advisories/21271

Source: cve@mitre.org

ExploitVendor Advisory

http://secunia.com/advisories/22187

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1016957

Source: cve@mitre.org

http://www.osvdb.org/27534

Source: cve@mitre.org

http://www.securityfocus.com/bid/19250

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2006/3069

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2006/3852

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/28081

Source: cve@mitre.org

http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://lists.apple.com/archives/security-announce/2006/Sep/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/21271

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://secunia.com/advisories/22187

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1016957

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/27534

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19250

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.vupen.com/english/advisories/2006/3069

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2006/3852

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/28081

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.