Apple Safari parent.close() Invalid Pointer Code Execution

Added: 05/28/2010
CVE: CVE-2010-1939
BID: 39990
OSVDB: 64482


Safari is a web browser for Mac OS X and Windows.


Apple Safari 4.0.5 for Windows (and probably earlier versions) allows remote attackers to execute arbitrary code by enticing the user to open a crafted HTML document. The crafted page creates a pop-up window and then calls the parent window's window.close() method, which triggers the vulnerability through an invalid pointer.


Enable the browser pop-up blocker (this is normally enabled by default in Safari). Consider disabling JavaScript in Safari. Upgrade when a fixed release becomes available.



Exploit works on Apple Safari 4.0.5 for Windows.

The exploit web page must be the first page loaded into the Apple Safari browser instance on the target.

Pop-up windows must be enabled on the target Apple Safari browser, i.e., the pop-up blocker must be disabled.

The vulnerability is triggered when the user closes the pop-up window with [Alt + F4]. It may take a longer time than normal to establish the shell session.



