Lucene search

K
zdiWushi of team509ZDI-10-029
HistoryMar 15, 2010 - 12:00 a.m.

Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability

2010-03-1500:00:00
wushi of team509
www.zerodayinitiative.com
21

EPSS

0.185

Percentile

96.3%

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCore’s HTMLObjectElement::renderFallBackContent() method. By rewriting an HTML element via the document’s innerHTML() method a memory corruption occurs resulting from a call-after-free. This can be leveraged to execute arbitrary code under the context of the current user.