[Forgot Password]
Login  Register Subscribe

23631

 
 

121468

 
 

98218

 
 

909

 
 

79224

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-0115

Date: (C)2011-03-03   (M)2017-12-01 


The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS Score: 7.6Access Vector: NETWORK
Exploit Score: 4.9Access Complexity: HIGH
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
APPLE-SA-2011-03-02-1
APPLE-SA-2011-03-09-1
APPLE-SA-2011-03-09-2
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4564
http://support.apple.com/kb/HT4566
http://www.zerodayinitiative.com/advisories/ZDI-11-096

CPE    61
cpe:/a:apple:webkit
cpe:/a:apple:itunes:5.0.1
cpe:/a:apple:itunes:5.0.0
cpe:/a:apple:itunes:4.2.0
...
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:314
oval:org.secpod.oval:def:17340
oval:org.secpod.oval:def:2936
oval:org.secpod.oval:def:2935
...

© 2013 SecPod Technologies