ID
VAR-E-201103-0867
CVE
| cve_id: | CVE-2011-1290 | Trust: 0.3 |
TITLE
WebKit Style Handling Memory Corruption Vulnerability
Trust: 0.3
DESCRIPTION
WebKit is prone to a memory-corruption vulnerability.
An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
Successful exploits will allow attackers to execute arbitrary code in the context of the browser. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously discussed in BID 46833 (Blackberry Browser Multiple Unspecified Information Disclosure and Integer Overflow Vulnerabilities), but has been given its own record to better document it.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | research | model: | in motion blackberry torch | scope: | eq | version: | 98000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry style | scope: | eq | version: | 96700 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry pearl | scope: | eq | version: | 91000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry pearl | scope: | eq | version: | 81000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry device software | scope: | eq | version: | 6.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry curve | scope: | eq | version: | 93000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry curve | scope: | eq | version: | 83000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry browser | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 97800 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 97005.0.0.593 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 88004.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 88004.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 88000 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 87204.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 87204.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 8700r | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 8700f | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 8700c | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 83204.2 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 83204.1 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7780 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7750 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7730 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7520 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7290 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7280 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 72700 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7250 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 72304.0 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 72303.8 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 72303.7.1.41 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7130e | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7105t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7100x | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 7100v | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7100t | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7100r | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7100i | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry 7100g | scope: | - | version: | - | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 9700 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 9650 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 8530 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 8520 | Trust: 0.3 |
| vendor: | research | model: | in motion blackberry | scope: | eq | version: | 8330 | Trust: 0.3 |
| vendor: | model: | chrome | scope: | eq | version: | 9.0.597.94 | Trust: 0.3 | |
| vendor: | model: | chrome | scope: | eq | version: | 9.0.597.84 | Trust: 0.3 | |
| vendor: | model: | chrome | scope: | eq | version: | 9.0.597.107 | Trust: 0.3 | |
| vendor: | model: | chrome | scope: | eq | version: | 10.0.648.128 | Trust: 0.3 | |
| vendor: | model: | chrome | scope: | eq | version: | 10.0.648.127 | Trust: 0.3 | |
| vendor: | debian | model: | linux sparc | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux s/390 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux powerpc | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux mipsel | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux mips | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux m68k | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux ia-64 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux ia-32 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux hppa | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux armel | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux arm | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux amd64 | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux alpha | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | debian | model: | linux | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.1.2 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.0.5 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0.5 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.0.4 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0.4 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.0.3 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0.3 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.0.2 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0.2 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 5.0.4 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 5.0.4 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 5.0.3 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 5.0.3 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 5.0.2 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 5.0.1 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 5.0 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4.1.3 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.1.3 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.1.2 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.1.1 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | apple | model: | safari beta | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4.0 | Trust: 0.3 |
| vendor: | apple | model: | safari for windows | scope: | eq | version: | 4 | Trust: 0.3 |
| vendor: | apple | model: | safari beta | scope: | eq | version: | 4 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | eq | version: | 4 | Trust: 0.3 |
| vendor: | apple | model: | itunes | scope: | eq | version: | 10.2 | Trust: 0.3 |
| vendor: | apple | model: | itunes | scope: | eq | version: | 10.1 | Trust: 0.3 |
| vendor: | apple | model: | itunes | scope: | eq | version: | 10 | Trust: 0.3 |
| vendor: | apple | model: | ipod touch | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | apple | model: | iphone | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | apple | model: | ipad | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.2.1 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.0.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.0.1 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 3.2.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 3.2.1 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.3.1 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.3 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.2.6 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.2.5 | Trust: 0.3 |
| vendor: | apple | model: | ios beta | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4.1 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 4 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 3.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | eq | version: | 3.0 | Trust: 0.3 |
| vendor: | model: | chrome | scope: | ne | version: | 10.0.648.133 | Trust: 0.3 | |
| vendor: | apple | model: | safari for windows | scope: | ne | version: | 5.0.5 | Trust: 0.3 |
| vendor: | apple | model: | safari | scope: | ne | version: | 5.0.5 | Trust: 0.3 |
| vendor: | apple | model: | itunes | scope: | ne | version: | 10.2.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | ne | version: | 4.3.2 | Trust: 0.3 |
| vendor: | apple | model: | ios | scope: | ne | version: | 4.2.7 | Trust: 0.3 |
EXPLOIT
This issue was successfully exploited at CanSecWest's 2011 Pwn2Own contest on a Blackberry device. The exploit is not known to be public or in the wild.
NOTE: To exploit this issue through iTunes, an attacker must first execute a successful man-in-the-middle attack.
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Unknown
Trust: 0.3
CREDITS
Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers
Trust: 0.3
EXTERNAL IDS
| db: | ZDI | id: | ZDI-11-104 | Trust: 0.3 |
| db: | NVD | id: | CVE-2011-1290 | Trust: 0.3 |
| db: | BID | id: | 46849 | Trust: 0.3 |
REFERENCES
| url: | http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html | Trust: 0.3 |
| url: | http://www.zerodayinitiative.com/advisories/zdi-11-104/ | Trust: 0.3 |
| url: | http://threatpost.com/en_us/blogs/iphone-blackberry-fall-second-day-pwn2own-031011 | Trust: 0.3 |
| url: | http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displaykc&doctype=kc&externalid=kb26132 | Trust: 0.3 |
| url: | http://lists.apple.com/archives/security-announce/2011/apr/msg00004.html | Trust: 0.3 |
| url: | http://www.rim.net/ | Trust: 0.3 |
| url: | http://www.google.com/chrome | Trust: 0.3 |
| url: | http://www.blackberry.com/btsc/dynamickc.do?externalid=kb26132&sliceid=1&command=show&forward=nonthreadedkc&kcid=kb26132 | Trust: 0.3 |
| url: | http://www.webkit.org/ | Trust: 0.3 |
SOURCES
| db: | BID | id: | 46849 |
LAST UPDATE DATE
2022-07-27T09:47:49.964000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 46849 | date: | 2011-10-11T19:10:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 46849 | date: | 2011-03-10T00:00:00 |