CVE-2011-0115

2011-03-0320:00:00

CWE-119

[email protected]

web.nvd.nist.gov

dom level 2

webkit

vulnerability

arbitrary code execution

itunes

7.4 High

AI Score

Confidence

Low

7.6 High

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

0.236 Low

EPSS

Percentile

96.6%

JSON

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CPENameOperatorVersion
apple:itunesapple itunesle10.1.2
apple:itunesapple ituneseq4.0.0
apple:itunesapple ituneseq4.0.1
apple:itunesapple ituneseq4.1.0
apple:itunesapple ituneseq4.2.0
apple:itunesapple ituneseq4.5
apple:itunesapple ituneseq4.5.0
apple:itunesapple ituneseq4.6
apple:itunesapple ituneseq4.6.0
apple:itunesapple ituneseq4.7

CPE	Name	Operator	Version
apple:itunes	apple itunes	le	10.1.2
apple:itunes	apple itunes	eq	4.0.0
apple:itunes	apple itunes	eq	4.0.1
apple:itunes	apple itunes	eq	4.1.0
apple:itunes	apple itunes	eq	4.2.0
apple:itunes	apple itunes	eq	4.5
apple:itunes	apple itunes	eq	4.5.0
apple:itunes	apple itunes	eq	4.6
apple:itunes	apple itunes	eq	4.6.0
apple:itunes	apple itunes	eq	4.7