ID

VAR-201103-0124


CVE

CVE-2011-1344


TITLE

WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-001531

DESCRIPTION

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011. WebKit Contains a flaw in the execution of arbitrary code due to a flaw in processing related to text nodes.A third party may execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a 'removeChild' call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Failed exploit attempts will result in a denial-of-service condition. ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-135 April 14, 2011 -- CVE ID: CVE-2011-1344 -- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C) -- Affected Vendors: WebKit -- Affected Products: WebKit WebKit -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 10970. -- Vendor Response: Google patch on March 12, 2011: http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html Apple patch on April 14, 2011: http://support.apple.com/kb/HT4606 http://support.apple.com/kb/HT4607 http://support.apple.com/kb/HT4596 -- Disclosure Timeline: 2011-03-31 - Vulnerability reported to vendor 2011-04-14 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Vupen Security -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. ---------------------------------------------------------------------- A step-by-step discussion of the latest Flash Player 0-day exploit: http://secunia.com/blog/210 ---------------------------------------------------------------------- TITLE: Apple iOS for iPhone 4 (CDMA) Multiple Vulnerabilities SECUNIA ADVISORY ID: SA44154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44154 RELEASE DATE: 2011-04-16 DISCUSS ADVISORY: http://secunia.com/advisories/44154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities has been reported in Apple iOS for iPhone 4 (CDMA), which can be exploited by malicious people to compromise a vulnerable device. 1) A boundary error exists within QuickLook. For more information see vulnerability #29 in: SA43814 2) An integer overflow error exists within WebKit. For more information: SA43748 3) A use-after-free error exists within WebKit. PROVIDED AND/OR DISCOVERED BY: 1) Charlie Miller and Dion Blazakis via ZDI. 2) Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann via ZDI. 3) Vupen via ZDI. The vendor also credits Martin Barbella. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4607 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-109/ http://www.zerodayinitiative.com/advisories/ZDI-11-104/ http://www.zerodayinitiative.com/advisories/ZDI-11-135/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Update to version 5.0.5. VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) http://www.vupen.com/english/research.php I. BACKGROUND --------------------- "Apple Safari is a web browser developed by Apple. As of February 2010, Safari was the fourth most widely used browser, with 4.45% of the worldwide usage share of web browsers according to Net Application." II. DESCRIPTION --------------------- VUPEN Vulnerability Research Team discovered a critical vulnerability in Apple Safari. CVSS Score: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C) III. AFFECTED PRODUCTS --------------------------- Apple Safari version 5.0.4 and prior for Windows and Mac OS X Apple iOS versions 3.0 through 4.3.1 for iPhone 3GS and later Apple iOS versions 3.1 through 4.3.1 for iPod touch (3rd generation) and later Apple iOS versions 3.2 through 4.3.1 for iPad Apple iOS versions 4.2.5 through 4.2.6 for iPhone 4 (CDMA) IV. Binary Analysis & Exploits/PoCs --------------------------------------- In-depth binary analysis of the vulnerability and a code execution exploit are available through the VUPEN Binary Analysis & Exploits Service : http://www.vupen.com/english/services/ba-index.php V. VUPEN Threat Protection Program ----------------------------------- To proactively protect critical networks and infrastructures against unpatched vulnerabilities and reduce risks related to zero-day attacks, VUPEN shares its vulnerability research with governments and organizations members of the VUPEN Threat Protection Program (TPP). VUPEN TPP customers receive fully detailed and technical reports about security vulnerabilities discovered by VUPEN and in advance of their public disclosure. http://www.vupen.com/english/services/tpp-index.php VI. SOLUTION ---------------- Upgrade to Apple Safari version 5.0.5 for Windows and Mac OS X. Upgrade to Apple iOS version 4.3.2 for iPhone, iPod, and iPad. Upgrade to Apple iOS version 4.2.7 for iPhone 4 (CDMA). VII. CREDIT -------------- This vulnerability was discovered by Matthieu Bonetti of VUPEN Security VIII. ABOUT VUPEN Security --------------------------- VUPEN is a leading IT security research company providing vulnerability management and security intelligence solutions which enable enterprises and institutions to eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage risks. Governmental and federal agencies, and global enterprises in the financial services, insurance, manufacturing and technology industries rely on VUPEN to improve their security, prioritize resources, cut time and costs, and stay ahead of the latest threats. * VUPEN Vulnerability Notification Service (VNS) : http://www.vupen.com/english/services/vns-index.php * VUPEN Binary Analysis & Exploits Service (BAE) : http://www.vupen.com/english/services/ba-index.php * VUPEN Threat Protection Program for Govs (TPP) : http://www.vupen.com/english/services/tpp-index.php * VUPEN Web Application Security Scanner (WASS) : http://www.vupen.com/english/services/wass-index.php IX. REFERENCES ---------------------- http://www.vupen.com/english/research-vuln.php http://www.vupen.com/english/advisories/2011/0984 http://www.vupen.com/english/advisories/2011/0983 http://support.apple.com/kb/HT4596 http://support.apple.com/kb/HT4606 http://support.apple.com/kb/HT4607 X. DISCLOSURE TIMELINE ----------------------------- 2011-02-26 - Vulnerability Discovered by VUPEN 2011-04-14 - Apple updates available

Trust: 2.97

sources: NVD: CVE-2011-1344 // JVNDB: JVNDB-2011-001531 // ZDI: ZDI-11-135 // BID: 46822 // VULHUB: VHN-49289 // PACKETSTORM: 100464 // PACKETSTORM: 100493 // PACKETSTORM: 100496 // PACKETSTORM: 100473

AFFECTED PRODUCTS

vendor:applemodel:iphone osscope:eqversion:1.1.5

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.3

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.1

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.0.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.2

Trust: 1.6

vendor:applemodel:iphone osscope:eqversion:1.1.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 1.1

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:4.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.8

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:4.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:iphone osscope:lteversion:4.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.0 to 4.3.1 (iphone 3gs after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.1 to 4.3.1 (ipod touch (3rd generation) after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 to 4.3.1 (ipad for )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:4.2.5 to 4.2.6 (iphone 4 (cdma))

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:webkitmodel:webkitscope: - version: -

Trust: 0.7

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.3

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0.5

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.2.2

Trust: 0.3

vendor:applemodel:iosscope:neversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:neversion:4.2.7

Trust: 0.3

sources: ZDI: ZDI-11-135 // BID: 46822 // JVNDB: JVNDB-2011-001531 // CNNVD: CNNVD-201103-147 // NVD: CVE-2011-1344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1344
value: MEDIUM

Trust: 1.0

NVD: CVE-2011-1344
value: MEDIUM

Trust: 0.8

ZDI: CVE-2011-1344
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201103-147
value: MEDIUM

Trust: 0.6

VULHUB: VHN-49289
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-1344
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2011-1344
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-49289
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-135 // VULHUB: VHN-49289 // JVNDB: JVNDB-2011-001531 // CNNVD: CNNVD-201103-147 // NVD: CVE-2011-1344

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-49289 // JVNDB: JVNDB-2011-001531 // NVD: CVE-2011-1344

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 100464 // PACKETSTORM: 100473 // CNNVD: CNNVD-201103-147

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201103-147

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001531

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-49289

PATCH

title:HT4596url:http://support.apple.com/kb/HT4596

Trust: 0.8

title:HT4606url:http://support.apple.com/kb/HT4606

Trust: 0.8

title:HT4607url:http://support.apple.com/kb/HT4607

Trust: 0.8

title:HT4609url:http://support.apple.com/kb/HT4609

Trust: 0.8

title:HT4607url:http://support.apple.com/kb/HT4607?viewlocale=ja_JP

Trust: 0.8

title:HT4609url:http://support.apple.com/kb/HT4609?viewlocale=ja_JP

Trust: 0.8

title:HT4596url:http://support.apple.com/kb/HT4596?viewlocale=ja_JP

Trust: 0.8

title:HT4606url:http://support.apple.com/kb/HT4606?viewlocale=ja_JP

Trust: 0.8

title:Google patch on March 12, 2011: patch on April 14, 2011:http://support.apple.com/kb/HT4606http://support.apple.com/kb/HT4607http://support.apple.com/kb/HT4596Webkit fix:http://trac.webkit.org/changeset/79689url:http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.htmlApple

Trust: 0.7

title:Apple Safari WebKit Remediation measures for releasing exploitsurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=203176

Trust: 0.6

sources: ZDI: ZDI-11-135 // JVNDB: JVNDB-2011-001531 // CNNVD: CNNVD-201103-147

EXTERNAL IDS

db:NVDid:CVE-2011-1344

Trust: 3.7

db:ZDIid:ZDI-11-135

Trust: 3.0

db:BIDid:46822

Trust: 2.8

db:SECUNIAid:44151

Trust: 2.7

db:SECUNIAid:44154

Trust: 2.7

db:VUPENid:ADV-2011-0984

Trust: 2.6

db:SECTRACKid:1025363

Trust: 2.5

db:XFid:66061

Trust: 0.8

db:JVNDBid:JVNDB-2011-001531

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-1168

Trust: 0.7

db:CNNVDid:CNNVD-201103-147

Trust: 0.7

db:PACKETSTORMid:100464

Trust: 0.2

db:PACKETSTORMid:100473

Trust: 0.2

db:ZDIid:ZDI-11-104

Trust: 0.2

db:VULHUBid:VHN-49289

Trust: 0.1

db:ZDIid:ZDI-11-109

Trust: 0.1

db:PACKETSTORMid:100493

Trust: 0.1

db:PACKETSTORMid:100496

Trust: 0.1

db:VUPENid:ADV-2011-0983

Trust: 0.1

sources: ZDI: ZDI-11-135 // VULHUB: VHN-49289 // BID: 46822 // JVNDB: JVNDB-2011-001531 // PACKETSTORM: 100464 // PACKETSTORM: 100493 // PACKETSTORM: 100496 // PACKETSTORM: 100473 // CNNVD: CNNVD-201103-147 // NVD: CVE-2011-1344

REFERENCES

url:http://www.vupen.com/english/advisories/2011/0984

Trust: 2.6

url:http://www.securityfocus.com/bid/46822

Trust: 2.5

url:http://www.securitytracker.com/id?1025363

Trust: 2.5

url:http://secunia.com/advisories/44151

Trust: 2.5

url:http://secunia.com/advisories/44154

Trust: 2.5

url:http://support.apple.com/kb/ht4596

Trust: 2.0

url:http://support.apple.com/kb/ht4607

Trust: 2.0

url:http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358

Trust: 2.0

url:http://www.zerodayinitiative.com/advisories/zdi-11-135

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00000.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00001.html

Trust: 1.7

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00002.html

Trust: 1.7

url:http://www.securityfocus.com/archive/1/517505/100/0/threaded

Trust: 1.7

url:http://www.securityfocus.com/archive/1/517517/100/0/threaded

Trust: 1.7

url:http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

Trust: 1.7

url:http://twitter.com/aaronportnoy/statuses/45632544967901187

Trust: 1.7

url:http://www.computerworld.com/s/article/9214002/safari_ie_hacked_first_at_pwn2own

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/66061

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1344

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/66061

Trust: 0.8

url:http://jvn.jp/cert/jvnvu658892

Trust: 0.8

url:http://jvn.jp/cert/jvnvu805814

Trust: 0.8

url:http://jvn.jp/cert/jvnvu597782

Trust: 0.8

url:http://jvn.jp/cert/jvnvu990878

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1344

Trust: 0.8

url:http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.htmlapple

Trust: 0.7

url:http://support.apple.com/kb/ht4606http://support.apple.com/kb/ht4607http://support.apple.com/kb/ht4596webkit

Trust: 0.7

url:http://trac.webkit.org/changeset/79689

Trust: 0.7

url:http://www.zerodayinitiative.com/advisories/zdi-11-135/

Trust: 0.5

url:http://www.apple.com/safari/download/

Trust: 0.3

url:http://www.darknet.org.uk/2011/03/day-one-at-pwn2own-takes-out-microsoft-internet-explorer-and-apple-safari/

Trust: 0.3

url:/archive/1/517517

Trust: 0.3

url:/archive/1/517505

Trust: 0.3

url:http://lists.apple.com/archives/security-announce/2011/apr/msg00004.html

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1344

Trust: 0.2

url:http://support.apple.com/kb/ht4606

Trust: 0.2

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://www.zerodayinitiative.com/advisories/zdi-11-104/

Trust: 0.2

url:http://secunia.com/blog/210

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

Trust: 0.1

url:http://secunia.com/advisories/44154/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44154

Trust: 0.1

url:http://secunia.com/advisories/44154/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-109/

Trust: 0.1

url:http://secunia.com/advisories/44151/#comments

Trust: 0.1

url:http://secunia.com/advisories/44151/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44151

Trust: 0.1

url:http://www.vupen.com/english/services/wass-index.php

Trust: 0.1

url:http://www.vupen.com/english/advisories/2011/0983

Trust: 0.1

url:http://www.vupen.com/english/research.php

Trust: 0.1

url:http://www.vupen.com/english/services/ba-index.php

Trust: 0.1

url:http://www.vupen.com/english/services/tpp-index.php

Trust: 0.1

url:http://www.vupen.com/english/research-vuln.php

Trust: 0.1

url:http://www.vupen.com/english/services/vns-index.php

Trust: 0.1

sources: ZDI: ZDI-11-135 // VULHUB: VHN-49289 // BID: 46822 // JVNDB: JVNDB-2011-001531 // PACKETSTORM: 100464 // PACKETSTORM: 100493 // PACKETSTORM: 100496 // PACKETSTORM: 100473 // CNNVD: CNNVD-201103-147 // NVD: CVE-2011-1344

CREDITS

Vupen Security

Trust: 0.7

sources: ZDI: ZDI-11-135

SOURCES

db:ZDIid:ZDI-11-135
db:VULHUBid:VHN-49289
db:BIDid:46822
db:JVNDBid:JVNDB-2011-001531
db:PACKETSTORMid:100464
db:PACKETSTORMid:100493
db:PACKETSTORMid:100496
db:PACKETSTORMid:100473
db:CNNVDid:CNNVD-201103-147
db:NVDid:CVE-2011-1344

LAST UPDATE DATE

2024-11-23T19:32:52.512000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-11-135date:2011-04-14T00:00:00
db:VULHUBid:VHN-49289date:2018-10-09T00:00:00
db:BIDid:46822date:2011-04-18T21:34:00
db:JVNDBid:JVNDB-2011-001531date:2012-07-12T00:00:00
db:CNNVDid:CNNVD-201103-147date:2022-08-10T00:00:00
db:NVDid:CVE-2011-1344date:2024-11-21T01:26:07.490

SOURCES RELEASE DATE

db:ZDIid:ZDI-11-135date:2011-04-14T00:00:00
db:VULHUBid:VHN-49289date:2011-03-10T00:00:00
db:BIDid:46822date:2011-03-09T00:00:00
db:JVNDBid:JVNDB-2011-001531date:2011-05-10T00:00:00
db:PACKETSTORMid:100464date:2011-04-15T14:13:45
db:PACKETSTORMid:100493date:2011-04-17T06:25:13
db:PACKETSTORMid:100496date:2011-04-17T06:25:21
db:PACKETSTORMid:100473date:2011-04-15T14:31:03
db:CNNVDid:CNNVD-201103-147date:2011-03-11T00:00:00
db:NVDid:CVE-2011-1344date:2011-03-10T20:55:01.280