Vulnerability Name:

CVE-2005-4504 (CCN-23819)

Assigned:2005-12-22
Published:2005-12-22
Updated:2017-07-20
Summary:The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
5.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Athentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availibility (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2005-4504

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=303382

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/jarticle.html?artnum=303382-en

Source: APPLE
Type: UNKNOWN
APPLE-SA-2006-03-01

Source: CCN
Type: Apple Web site
APPLE-SA-2006 Security Update 2006-001

Source: CCN
Type: SA18220
Mac OS X KHTMLParser Denial of Service Weakness

Source: SECUNIA
Type: Vendor Advisory
18220

Source: CCN
Type: SA19064
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
19064

Source: CCN
Type: Security-Protocols Advisory December 21, 2005
Mac OS X <= 10.4.3 KHTMLParser DoS

Source: MISC
Type: Exploit, Vendor Advisory
http://security-protocols.com/advisory/sp-x22-advisory.txt

Source: CCN
Type: US-CERT VU#351217
Apple Safari WebKit component vulnerable to buffer overflow

Source: CERT-VN
Type: US Government Resource
VU#351217

Source: BID
Type: Exploit
16045

Source: CCN
Type: BID-16045
Apple Mac OS X KHTMLParser Remote Denial of Service Vulnerability

Source: BID
Type: UNKNOWN
16907

Source: CCN
Type: BID-16907
Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities

Source: CERT
Type: US Government Resource
TA06-062A

Source: VUPEN
Type: UNKNOWN
ADV-2005-3058

Source: VUPEN
Type: UNKNOWN
ADV-2006-0791

Source: XF
Type: UNKNOWN
macos-khtmlparser-dos(23819)

Source: XF
Type: UNKNOWN
macos-khtmlparser-dos(23819)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apple:safari:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.2.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:1.3:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:apple:textedit:*:*:*:*:*:*:*:* (Version <= 1.4)

    • Configuration 2:
  • cpe:/o:apple:mac_os_x:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.1.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.2.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.3:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.6:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.7:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.8:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.2:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2005-4504 (CCN-25031)

    Assigned:2005-12-22
    Published:2006-03-01
    Updated:2006-03-01
    Summary:Mac OS X and Mac OS X Server are vulnerable to a heap-based buffer overflow, caused by improper handling of certain HTML. By hosting a malicious Web site containing specially-crafted HTML, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
    5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Athentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availibility (A): 
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Wed Mar 01 2006 - 17:10:48 CST
    Fwd: APPLE-SA-2006-03-01 Security Update 2006-001

    Source: MITRE
    Type: CNA
    CVE-2005-4504

    Source: CCN
    Type: Apple Security Update 2006-001
    About Security Update 2006-001

    Source: CCN
    Type: SA18220
    Mac OS X KHTMLParser Denial of Service Weakness

    Source: CCN
    Type: SA19064
    Mac OS X Security Update Fixes Multiple Vulnerabilities

    Source: CCN
    Type: Apple Web site
    Apple - Support - Downloads

    Source: CCN
    Type: US-CERT VU#351217
    Apple Safari WebKit component vulnerable to buffer overflow

    Source: CCN
    Type: BID-16045
    Apple Mac OS X KHTMLParser Remote Denial of Service Vulnerability

    Source: CCN
    Type: BID-16907
    Apple Mac OS X Security Update 2006-001 Multiple Vulnerabilities

    Source: XF
    Type: UNKNOWN
    macosx-webkit-bo(25031)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/o:apple:mac_os_x:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.3.9:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x:10.4.5:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    apple safari 1.0
    apple safari 1.1
    apple safari 1.2
    apple safari 1.2.1
    apple safari 1.2.2
    apple safari 1.2.3
    apple safari 1.3
    apple safari 2.0
    apple safari 2.0.1
    apple safari 2.0.2
    apple textedit *
    apple mac os x 10.0
    apple mac os x 10.0.1
    apple mac os x 10.0.2
    apple mac os x 10.0.3
    apple mac os x 10.0.4
    apple mac os x 10.1
    apple mac os x 10.1.1
    apple mac os x 10.1.2
    apple mac os x 10.1.3
    apple mac os x 10.1.4
    apple mac os x 10.1.5
    apple mac os x 10.2
    apple mac os x 10.2.1
    apple mac os x 10.2.2
    apple mac os x 10.2.3
    apple mac os x 10.2.4
    apple mac os x 10.2.5
    apple mac os x 10.2.6
    apple mac os x 10.2.7
    apple mac os x 10.2.8
    apple mac os x 10.3
    apple mac os x 10.3.1
    apple mac os x 10.3.2
    apple mac os x 10.3.3
    apple mac os x 10.3.4
    apple mac os x 10.3.5
    apple mac os x 10.3.6
    apple mac os x 10.3.7
    apple mac os x 10.3.8
    apple mac os x 10.3.9
    apple mac os x 10.4
    apple mac os x 10.4.1
    apple mac os x 10.4.2
    apple mac os x 10.4.3
    apple mac os x server 10.0
    apple mac os x server 10.1
    apple mac os x server 10.1.1
    apple mac os x server 10.1.2
    apple mac os x server 10.1.3
    apple mac os x server 10.1.4
    apple mac os x server 10.1.5
    apple mac os x server 10.2
    apple mac os x server 10.2.1
    apple mac os x server 10.2.2
    apple mac os x server 10.2.3
    apple mac os x server 10.2.4
    apple mac os x server 10.2.5
    apple mac os x server 10.2.6
    apple mac os x server 10.2.7
    apple mac os x server 10.2.8
    apple mac os x server 10.3
    apple mac os x server 10.3.1
    apple mac os x server 10.3.2
    apple mac os x server 10.3.3
    apple mac os x server 10.3.4
    apple mac os x server 10.3.5
    apple mac os x server 10.3.6
    apple mac os x server 10.3.7
    apple mac os x server 10.3.8
    apple mac os x server 10.3.9
    apple mac os x server 10.4
    apple mac os x server 10.4.1
    apple mac os x server 10.4.2
    apple mac os x server 10.4.3
    apple mac os x 10.3.9
    apple mac os x server 10.3.9
    apple mac os x 10.4.5
    apple mac os x server 10.4.5