漏洞描述
Apple Apple Safari是美国苹果(Apple)公司开发的一款Web浏览器,是Mac OS X和iOS操作系统附带的默认浏览器。 Windows下运行的Apple Safari存在释放后使用漏洞,远程攻击者可以利用window.open创建特制HTML文档弹出窗口,然后调用父窗口的关闭方法,触发已删除窗口对象的不当处理,并执行任意代码。
Apple Safari window.parent.close()远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC generic-windows-lfi: Generic Windows based LFI Test
- POC automatic-windows-updates-disabled: Automatic Windows Updates Disabled
- POC windows-active-desktop-enabled: Active Desktop Enabled
- POC windows-administrative-shares-enabled: Administrative Shares Enabled
- POC windows-administrator-blank-password: Built-in Administrator Account Has Blank Password
- POC windows-anonymous-sid-enumeration-allowed: Windows Allows Anonymous SID Enumeration
- POC windows-autorun-enabled: AutoRun Enabled
- POC windows-credential-manager-plaintext-passwords-allowed: Credential Manager Allows Storing of Plain Text Passwords
- POC windows-defender-realtime-protection-disabled: Windows Defender Real-Time Protection Disabled
- POC windows-dep-disabled: Data Execution Prevention (DEP) Not Enabled
- POC windows-firewall-disabled: Windows Firewall Disabled
- POC windows-installer-elevated-privileges: Windows Installer Elevated Privileges Enabled
- POC windows-lsa-protection-not-enabled: LSA Protection Not Enabled or Not Configured