Webkit.org Webkit copyNonAttributeProperties Remote Code Execution Vulnerability

2012-04-09T00:00:00
ID ZDI-12-055
Type zdi
Reporter wushi of team509
Modified 2012-11-09T00:00:00

Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The flaw exists within the WebCore component as used by WebKit, specifically within the handling of element properties. When importing a node that has a non-attribute property, such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the browser.