Lucene search

[email protected]CVE-2011-1344

HistoryMar 10, 2011 - 8:55 p.m.

CVE-2011-1344

2011-03-1020:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2011-1344

webkit

apple safari

ios

remote code execution

pwn2own

cansecwest

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.3%

JSON

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

CPENameOperatorVersion
apple:safariapple safarieq4.0.2
apple:safariapple safarieq3.0.4b
apple:safariapple safarieq1.3.0
apple:safariapple safarieq1.0.3
apple:safariapple safarieq2.0.3
apple:safariapple safarieq4.0.1
apple:safariapple safarieq1.3.2
apple:safariapple safarieq2
apple:safariapple safarieq1.1.1
apple:safariapple safarieq3.0.4

CPE	Name	Operator	Version
apple:safari	apple safari	eq	4.0.2
apple:safari	apple safari	eq	3.0.4b
apple:safari	apple safari	eq	1.3.0
apple:safari	apple safari	eq	1.0.3
apple:safari	apple safari	eq	2.0.3
apple:safari	apple safari	eq	4.0.1
apple:safari	apple safari	eq	1.3.2
apple:safari	apple safari	eq	2
apple:safari	apple safari	eq	1.1.1
apple:safari	apple safari	eq	3.0.4

Rows per page:

1-10 of 961

References

dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

lists.apple.com/archives/security-announce/2011//Apr/msg00000.html

lists.apple.com/archives/security-announce/2011//Apr/msg00001.html

lists.apple.com/archives/security-announce/2011//Apr/msg00002.html

secunia.com/advisories/44151

secunia.com/advisories/44154

support.apple.com/kb/HT4596

support.apple.com/kb/HT4607

twitter.com/aaronportnoy/statuses/45632544967901187

www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own

www.securityfocus.com/archive/1/517505/100/0/threaded

www.securityfocus.com/archive/1/517517/100/0/threaded

www.securityfocus.com/bid/46822

www.securitytracker.com/id?1025363

www.vupen.com/english/advisories/2011/0984

www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

www.zerodayinitiative.com/advisories/ZDI-11-135

exchange.xforce.ibmcloud.com/vulnerabilities/66061

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.043 Low

EPSS

Percentile

92.3%

JSON

Related for CVE-2011-1344

securityvulns4 zdi1 prion1 ubuntucve1 nessus6 openvas6