virus logo Intrusion Prevention

Apple.Safari.HTML.Tag.Handling.DoS

description-logoDescription

This indicates an attack attempt to exploit a denial-of-service vulnerability in Apple Safari.
The vulnerability is caused by an error in the KWQListIteratorImpl::KWQListIteratorImpl(), QPainter::drawText(), and objc_msgSend_rtp() functions when handling an IFRAME tag with SCROLLING attributes or SRC attributes with no value. It allows a remote attacker to crash the vulnerable software via sending a crafted web page.

affected-products-logoAffected Products

Apple Safari 2.0.3
Apple Safari 2.0.2
Apple Safari 2.0.1
Apple Mobile Safari 0
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Apply the patch, available from the vendor's web site:
Apple Mac OS X Server 10.3.9
* Apple SecUpdSrvr2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10488&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Pan.dmg
Apple Mac OS X 10.3.9
* Apple SecUpd2006-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10486&cat=1&platform=osx&method=sa/SecUpd2006-003Pan.dmg
Apple Mac OS X Server 10.4.6
* Apple SecUpdSrvr2006-003Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10487&cat=1&platform=osx&method=sa/SecUpdSrvr2006-003Ti.dmg
Apple Mac OS X 10.4.6
* Apple SecUpd2006-003Intel.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10485&cat=1&platform=osx&method=sa/SecUpd2006-003Intel.dmg
* Apple SecUpd2006-003Ti.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=10484&cat=1&platform=osx&method=sa/SecUpd2006-003Ti.dmg

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-12 16.941 Name:Apple.
macOS.
Safari.
HTML.
Tag.
Handling.
DoS:Apple.
Safari.
HTML.
Tag.
Handling.
DoS
ID 23079
Created Jun 08, 2010
Updated Nov 03, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2006-1987
Exploit Prediction Score 79.92%
Default Action drop
Active
Affected OS MacOS
Affected App Apple