Title buffer overflow in Safari 3.0.2 for Windows

by Robert Vamosi June 25, 2007 10:35 AM PDT

Following last Friday's release of Safari 3.0.2 comes a brand-new Monday morning vulnerability. Researcher E. Azizov of ITdefence in Russia posted on the Bugtraq newsgroup a demonstration of a buffer overflow in the Windows XP version of Apple's browser. Specifically, the new vulnerability affects the title buffer in Safari bookmarks. If the title of a page you wish to bookmark in Safari 3.0.2 exceeds 1,024 bytes, as soon as you save the bookmark (Ctrl+D) your computer may become compromised.

Inside CNET News

1-2 of 12

Scroll Left Scroll Right

Googleplex expansion to include 'Experience Center,' test labs
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.

Cutting Edge
Video game Spacewar reborn at 50 (photos)
Gallery
Litigation lunacy: Silicon Valley's lost its collective mind
The dreary details differ, but the same theme informs--we're good, they're bad, and dear judge: would you please kneecap these guys for us?

News Blogs
The pool table that levels itself in rough seas
A pool table on a cruise ship is gyroscopically controlled so that it moves with the waves and the balls don't slide at all.

Technically Incorrect
Tips for keeping your browsing private
Video
Samsung Galaxy Mini may get low-end sibling
The Samsung Galaxy mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.

Mobile
Ethical manufacturing petition delivered to San Francisco Apple Store
Video
Tor anonymity project looks to help Iranians sidestep Net ban
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.

Politics and Law
Seminal computer video game Spacewar lives again
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.

Cutting Edge
Top-rated reviews of the week (photos)
Gallery
DIY Weekend: Bag your own Star Wars Admiral Sackbar
George Lucas has just released his version of "Star Wars" in 3D, but c'mon--the guy believes Greedo shot first. Why not make your own Star Wars world? In the first installment of a Crave series, a crack team of crafters fight the power and turn paper bags into the Rebel Alliance's Admiral Ackbar. It's a sack!

Crave
Around the world in a solar car
In a two-seater electric car powered only by the sun, a team of German students plan to circumnavigate the world.

The Car Tech blog

Title buffer overflow in Safari 3.0.2 for Windows

Inside CNET News

CNET Blogs

Discussions

Shared

About News Blogs

RSS

my Yahoo

Google

MSN

Topics

CNET on the Go

Like Us / Follow Us