Lucene search
AnonymousZDI-16-527HistorySep 27, 2016 - 12:00 a.m.
Apple Safari HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
2016-09-2700:00:00
Anonymous
www.zerodayinitiative.com
28
0.006 Low
EPSS
Percentile
77.6%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of HTMLVideoElement objects. By manipulating a document’s elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute arbitrary code under the context of the process.
References
Related
cve
cve
ubuntucve
ubuntucve
nvd
nvd
prion
prion
Memory corruption
2016-09-25 10:59:00
Memory corruption
2016-09-25 10:59:00
Memory corruption
2016-09-25 11:00:00
cvelist
cvelist
kaspersky
kaspersky
KLA10877 Multiple vulnerabilities in iTunes
2016-09-25 00:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities (Sep 2016) - Windows
2016-09-28 00:00:00
Ubuntu: Security Advisory (USN-3166-1)
2017-01-11 00:00:00
Apple Safari Multiple Vulnerabilities (Sep 2016) - Mac OS X
2016-09-28 00:00:00
apple
apple
About the security content of iTunes 12.5.1 for Windows - Apple Support
2017-01-23 05:36:06
About the security content of iTunes 12.5.1 for Windows
2016-09-13 00:00:00
About the security content of Safari 10
2016-09-20 00:00:00
nessus
nessus
Apple iTunes < 12.5.1 Multiple Vulnerabilities (uncredentialed Check)
2016-11-18 00:00:00
Apple iTunes < 12.5.1 Multiple Vulnerabilities (credentialed check)
2016-11-16 00:00:00
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3166-1)
2017-01-11 00:00:00
ubuntu
ubuntu
WebKitGTK+ vulnerabilities
2017-01-10 00:00:00
mageia
mageia
Updated webkit2 packages fix security vulnerabilities
2017-03-02 18:11:17