The host is installed with Apple Safari before 4.1 or 5.0 and is prone to a use-after-free vulnerability. A flaw is present in the application, which fails to properly handle a certain window close action that occurs during a drag-and-drop operation. Successful exploitation could allow remote attackers to execute arbitrary code or crash the service.