Lucene search
Chaitin Security Research LabZDI-17-369HistoryMay 30, 2017 - 12:00 a.m.
(Pwn2Own) Apple Safari WebSQL matchinfo Type Confusion Remote Code Execution Vulnerability
2017-05-3000:00:00
Chaitin Security Research Lab
www.zerodayinitiative.com
29
EPSS
0.007
Percentile
81.0%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebSQL. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process.
References
Related
prion
prion
Memory corruption
2018-04-03 06:29:00
cvelist
cvelist
CVE-2017-7002
2018-04-03 06:00:00
nvd
nvd
CVE-2017-7002
2018-04-03 06:29:01
ubuntucve
ubuntucve
CVE-2017-7002
2018-04-03 00:00:00
cve
cve
CVE-2017-7002
2018-04-03 06:29:01
nessus
nessus
macOS 10.12.x < 10.12.5 Multiple Vulnerabilities
2017-05-18 00:00:00
Apple iOS < 10.3.2 Multiple Vulnerabilities
2017-05-18 00:00:00
apple
apple
About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite - Apple Support
2017-06-08 09:43:12
About the security content of macOS Sierra 10.12.5, Security Update 2017-002 El Capitan, and Security Update 2017-002 Yosemite
2017-05-15 00:00:00
About the security content of iOS 10.3.2
2017-05-15 00:00:00