ID

VAR-201103-0294


CVE

CVE-2011-1290


TITLE

WebKit vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-001530

DESCRIPTION

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

WebKit contains a flaw in its handling of CSS styles, node sets, and length values that could allow arbitrary code execution. Through a website skillfully crafted by a third party, important information about heap memory addresses may be obtained.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebKit library's implementation of a CSS style. When totaling the length of its string elements, the library will store the result into a 32-bit integer. This value will be used for an allocation and then later will be used to initialize the allocated buffer. Because the number of elements being totaled is variable, an aggressor can provide as many elements as necessary to cause the integer value to wrap, causing an under-allocation. Initialization of this data will then cause a heap-based buffer overflow. This can lead to code execution under the context of the application.

WebKit is prone to a memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Failed exploit attempts will result in a denial-of-service condition.
NOTE: This issue was previously discussed in BID 46833 (Blackberry Browser Multiple Unspecified Information Disclosure and Integer Overflow Vulnerabilities), but has been given its own record to better document it.

Google Chrome is a web browser developed by Google. This vulnerability has been demonstrated by Vincenzo Iozzo, Willem Pinckaers and Ralf-Philipp Weinmann in the Pwn2Own hacking contest at CanSecWest 2011.

ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-104
April 14, 2011

-- CVE ID: CVE-2011-1290
-- CVSS: 9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)
-- Affected Vendors: WebKit
-- Affected Products: WebKit WebKit
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11087.
-- Vendor Response: Apple patch on April 14, 2011:
http://support.apple.com/kb/HT4606
http://support.apple.com/kb/HT4607
http://support.apple.com/kb/HT4596
-- Disclosure Timeline:
2011-03-31 - Vulnerability reported to vendor
2011-04-14 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by:
* Anonymous
* Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter: http://twitter.com/thezdi

Gents,

If you are a lucky BlackBerry owner, or an administrator of many BB devices, you can do a quick security check of your smartphone(s), by browsing this web page from your device (free quick check): http://tehtris.com/bbcheck

For now, this will check for you if you are potentially vulnerable against those exploits:
-> Nov 2007 - US-CERT Advisory VU#282856 - Exploit from Michael Kemp http://www.blackberry.com/btsc/KB12577
-> Jan 2011 - CVE-2010-2599 - Exploit found by TEHTRI-Security http://www.blackberry.com/btsc/KB24841
-> Mar 2011 - CVE-2011-1290 - Awesome Pwn2own/CSW exploit from Vincenzo Iozzo, Ralf Philipp Weinmann, and Willem Pinckaers

A workaround for this latest vulnerability (CVE-2011-1290) could be to disable JavaScript, as explained on RIM resources. You should definitely read this: http://www.blackberry.com/btsc/KB26132

Have a nice day,
Laurent OUDOT, CEO TEHTRI-Security -- "This is not a game"
http://www.tehtri-security.com/
Follow us: @tehtris

=> Join us for more hacking tricks during next awesome events:
- SyScan Singapore (April) -- Training: "Advanced PHP Hacking" http://www.syscan.org/index.php/sg/training
- HITB Amsterdam (May) -- Training: "Hunting Web Attackers" http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2192-1
security@debian.org
http://www.debian.org/security/
Giuseppe Iuculano
March 15, 2011
http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : chromium-browser
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-0779 CVE-2011-1290

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2011-0779
Google Chrome before 9.0.597.84 does not properly handle a missing key in an extension, which allows remote attackers to cause a denial of service (application crash) via a crafted extension.

For the stable distribution (squeeze), these problems have been fixed in version 6.0.472.63~r59945-5+squeeze4

For the testing distribution (wheezy), these problems will be fixed soon.

For the unstable distribution (sid), these problems have been fixed in version 10.0.648.133~r77742-1

We recommend that you upgrade your chromium-browser packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk1/lHMACgkQNxpp46476ao/EwCdFThT2dtAQ9HB8yza9Z4gIqV4
FeIAn3zISoa/86EhpLs5qjhMB9gQ6Oc0
=QJZP
-----END PGP SIGNATURE-----

Trust: 2.88

sources: NVD: CVE-2011-1290 // JVNDB: JVNDB-2011-001530 // ZDI: ZDI-11-104 // BID: 46849 // VULHUB: VHN-49235 // PACKETSTORM: 100465 // PACKETSTORM: 99462 // PACKETSTORM: 99354

AFFECTED PRODUCTS

vendor: apple, model: itunes, scope: eq, version: 10

Trust: 1.1

vendor: rim, model: blackberry torch 9800, scope: eq, version: *

Trust: 1.0

vendor: rim, model: blackberry torch 9800, scope: eq, version: 6.0.0.246

Trust: 1.0

vendor: apple, model: webkit, scope: eq, version: *

Trust: 1.0

vendor: blackberry, model: device software, scope: eq, version: 6.0 and later

Trust: 0.8

vendor: google, model: chrome, scope: lt, version: 10.0.648.133

Trust: 0.8

vendor: apple, model: mac os x, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: mac os x server, scope: eq, version: v10.5.8

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: 3.0 to 4.3.1 (iphone 3gs after )

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: 3.1 to 4.3.1 (ipod touch (3rd generation) after )

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: 3.2 to 4.3.1 (ipad for )

Trust: 0.8

vendor: apple, model: ios, scope: eq, version: 4.2.5 to 4.2.6 (iphone 4 (cdma))

Trust: 0.8

vendor: apple, model: ipad, scope: -, version: -

Trust: 0.8

vendor: apple, model: iphone, scope: -, version: -

Trust: 0.8

vendor: apple, model: ipod touch, scope: -, version: -

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 5

Trust: 0.8

vendor: webkit, model: webkit, scope: -, version: -

Trust: 0.7

vendor: apple, model: webkit, scope: -, version: -

Trust: 0.6

vendor: research, model: in motion blackberry torch, scope: eq, version: 98000

Trust: 0.3

vendor: research, model: in motion blackberry style, scope: eq, version: 96700

Trust: 0.3

vendor: research, model: in motion blackberry pearl, scope: eq, version: 91000

Trust: 0.3

vendor: research, model: in motion blackberry pearl, scope: eq, version: 81000

Trust: 0.3

vendor: research, model: in motion blackberry device software, scope: eq, version: 6.0

Trust: 0.3

vendor: research, model: in motion blackberry curve, scope: eq, version: 93000

Trust: 0.3

vendor: research, model: in motion blackberry curve, scope: eq, version: 83000

Trust: 0.3

vendor: research, model: in motion blackberry browser, scope: eq, version: 0

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 97800

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 97005.0.0.593

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 88004.2

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 88004.1

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 88000

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 87204.2

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 87204.1

Trust: 0.3

vendor: research, model: in motion blackberry 8700r, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 8700f, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 8700c, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 83204.2

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 83204.1

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7780

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7750

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7730

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7520

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7290

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7280

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 72700

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7250

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 72304.0

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 72303.8

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 72303.7.1.41

Trust: 0.3

vendor: research, model: in motion blackberry 7130e, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 7105t, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7100x

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 7100v

Trust: 0.3

vendor: research, model: in motion blackberry 7100t, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 7100r, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 7100i, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry 7100g, scope: -, version: -

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 9700

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 9650

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 8530

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 8520

Trust: 0.3

vendor: research, model: in motion blackberry, scope: eq, version: 8330

Trust: 0.3

vendor: google, model: chrome, scope: eq, version: 9.0.597.94

Trust: 0.3

vendor: google, model: chrome, scope: eq, version: 9.0.597.84

Trust: 0.3

vendor: google, model: chrome, scope: eq, version: 9.0.597.107

Trust: 0.3

vendor: google, model: chrome, scope: eq, version: 10.0.648.128

Trust: 0.3

vendor: google, model: chrome, scope: eq, version: 10.0.648.127

Trust: 0.3

vendor: debian, model: linux sparc, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux s/390, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux powerpc, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux mipsel, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux mips, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux m68k, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux ia-64, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux ia-32, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux hppa, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux armel, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux arm, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux amd64, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux alpha, scope: eq, version: 5.0

Trust: 0.3

vendor: debian, model: linux, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.1.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.5

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.5

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.4

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.3

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0.4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.4

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.3

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.2

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0.1

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 5.0

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4.1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.3

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.2

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1.1

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4.0

Trust: 0.3

vendor: apple, model: safari for windows, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari beta, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: safari, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.2

Trust: 0.3

vendor: apple, model: itunes, scope: eq, version: 10.1

Trust: 0.3

vendor: apple, model: ipod touch, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: iphone, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ipad, scope: eq, version: 0

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.0.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.3

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.6

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2.5

Trust: 0.3

vendor: apple, model: ios beta, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4.1

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 4

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.2

Trust: 0.3

vendor: apple, model: ios, scope: eq, version: 3.0

Trust: 0.3

vendor: google, model: chrome, scope: ne, version: 10.0.648.133

Trust: 0.3

vendor: apple, model: safari for windows, scope: ne, version: 5.0.5

Trust: 0.3

vendor: apple, model: safari, scope: ne, version: 5.0.5

Trust: 0.3

vendor: apple, model: itunes, scope: ne, version: 10.2.2

Trust: 0.3

vendor: apple, model: ios, scope: ne, version: 4.3.2

Trust: 0.3

vendor: apple, model: ios, scope: ne, version: 4.2.7

Trust: 0.3

sources: ZDI: ZDI-11-104 // BID: 46849 // JVNDB: JVNDB-2011-001530 // CNNVD: CNNVD-201103-180 // NVD: CVE-2011-1290

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1290
value: HIGH

Trust: 1.0

NVD: CVE-2011-1290
value: HIGH

Trust: 0.8

ZDI: CVE-2011-1290
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201103-180
value: CRITICAL

Trust: 0.6

VULHUB: VHN-49235
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-1290
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

ZDI: CVE-2011-1290
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 8.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

VULHUB: VHN-49235
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-11-104 // VULHUB: VHN-49235 // JVNDB: JVNDB-2011-001530 // CNNVD: CNNVD-201103-180 // NVD: CVE-2011-1290

PROBLEMTYPE DATA

problemtype:CWE-189

Trust: 1.9

sources: VULHUB: VHN-49235 // JVNDB: JVNDB-2011-001530 // NVD: CVE-2011-1290

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 100465 // CNNVD: CNNVD-201103-180

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201103-180

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-001530

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-49235

PATCH

title: HT4596, url: http://support.apple.com/kb/HT4596

Trust: 0.8

title: HT4606, url: http://support.apple.com/kb/HT4606

Trust: 0.8

title: HT4607, url: http://support.apple.com/kb/HT4607

Trust: 0.8

title: HT4609, url: http://support.apple.com/kb/HT4609

Trust: 0.8

title: HT4607, url: http://support.apple.com/kb/HT4607?viewlocale=ja_JP

Trust: 0.8

title: HT4609, url: http://support.apple.com/kb/HT4609?viewlocale=ja_JP

Trust: 0.8

title: HT4596, url: http://support.apple.com/kb/HT4596?viewlocale=ja_JP

Trust: 0.8

title: HT4606, url: http://support.apple.com/kb/HT4606?viewlocale=ja_JP

Trust: 0.8

title: Google Chrome, url: http://www.google.co.jp/chrome/intl/ja/landing_ff_yt.html?hl=ja&hl=ja

Trust: 0.8

title: stable-and-beta-channel-updates, url: http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

Trust: 0.8

title: KB26132, url: http://www.blackberry.com/btsc/KB26132

Trust: 0.8

title: Apple patch on April 14, 2011: fix: http://trac.webkit.org/changeset/80787 http://trac.webkit.org/changeset/82054, url: http://support.apple.com/kb/HT4606 http://support.apple.com/kb/HT4607 http://support.apple.com/kb/HT4596 Webkit

Trust: 0.7

title: WebKit Fixes for digital error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=169944

Trust: 0.6

sources: ZDI: ZDI-11-104 // JVNDB: JVNDB-2011-001530 // CNNVD: CNNVD-201103-180

EXTERNAL IDS

db: NVD, id: CVE-2011-1290

Trust: 3.8

db: ZDI, id: ZDI-11-104

Trust: 2.2

db: BID, id: 46849

Trust: 2.2

db: SECUNIA, id: 44154

Trust: 1.9

db: SECUNIA, id: 44151

Trust: 1.9

db: SECUNIA, id: 43748

Trust: 1.9

db: SECUNIA, id: 43735

Trust: 1.9

db: VUPEN, id: ADV-2011-0654

Trust: 1.9

db: VUPEN, id: ADV-2011-0984

Trust: 1.9

db: VUPEN, id: ADV-2011-0645

Trust: 1.9

db: SECTRACK, id: 1025212

Trust: 1.9

db: SECUNIA, id: 43782

Trust: 1.1

db: VUPEN, id: ADV-2011-0671

Trust: 1.1

db: OSVDB, id: 71182

Trust: 1.1

db: XF, id: 66052

Trust: 0.8

db: JVNDB, id: JVNDB-2011-001530

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-1107

Trust: 0.7

db: CNNVD, id: CNNVD-201103-180

Trust: 0.7

db: NSFOCUS, id: 16728

Trust: 0.6

db: NSFOCUS, id: 16587

Trust: 0.6

db: PACKETSTORM, id: 100465

Trust: 0.2

db: VULHUB, id: VHN-49235

Trust: 0.1

db: PACKETSTORM, id: 99462

Trust: 0.1

db: PACKETSTORM, id: 99354

Trust: 0.1

sources: ZDI: ZDI-11-104 // VULHUB: VHN-49235 // BID: 46849 // JVNDB: JVNDB-2011-001530 // PACKETSTORM: 100465 // PACKETSTORM: 99462 // PACKETSTORM: 99354 // CNNVD: CNNVD-201103-180 // NVD: CVE-2011-1290

REFERENCES

url:http://www.securityfocus.com/bid/46849

Trust: 1.9

url:http://www.securitytracker.com/id?1025212

Trust: 1.9

url:http://secunia.com/advisories/43735

Trust: 1.9

url:http://secunia.com/advisories/43748

Trust: 1.9

url:http://secunia.com/advisories/44151

Trust: 1.9

url:http://secunia.com/advisories/44154

Trust: 1.9

url:http://www.vupen.com/english/advisories/2011/0645

Trust: 1.9

url:http://www.vupen.com/english/advisories/2011/0654

Trust: 1.9

url:http://www.vupen.com/english/advisories/2011/0984

Trust: 1.9

url:http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

Trust: 1.7

url:http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

Trust: 1.7

url:http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

Trust: 1.4

url:http://support.apple.com/kb/ht4596

Trust: 1.2

url:http://support.apple.com/kb/ht4607

Trust: 1.2

url:http://www.blackberry.com/btsc/kb26132

Trust: 1.2

url:http://www.zerodayinitiative.com/advisories/zdi-11-104

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00000.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00001.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2011//apr/msg00002.html

Trust: 1.1

url:http://www.securityfocus.com/archive/1/517513/100/0/threaded

Trust: 1.1

url:http://www.debian.org/security/2011/dsa-2192

Trust: 1.1

url:http://osvdb.org/71182

Trust: 1.1

url:http://secunia.com/advisories/43782

Trust: 1.1

url:http://www.vupen.com/english/advisories/2011/0671

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/66052

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1290

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/66052

Trust: 0.8

url:http://jvn.jp/cert/jvnvu990878

Trust: 0.8

url:http://jvn.jp/cert/jvnvu658892

Trust: 0.8

url:http://jvn.jp/cert/jvnvu805814

Trust: 0.8

url:http://jvn.jp/cert/jvnvu597782

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1290

Trust: 0.8

url:http://support.apple.com/kb/ht4606 http://support.apple.com/kb/ht4607 http://support.apple.com/kb/ht4596 webkit

Trust: 0.7

url:http://trac.webkit.org/changeset/80787 http://trac.webkit.org/changeset/82054

Trust: 0.7

url:http://www.nsfocus.net/vulndb/16728

Trust: 0.6

url:http://www.nsfocus.net/vulndb/16587

Trust: 0.6

url:http://www.zerodayinitiative.com/advisories/zdi-11-104/

Trust: 0.3

url:http://www.google.com/chrome

Trust: 0.3

url:http://threatpost.com/en_us/blogs/iphone-blackberry-fall-second-day-pwn2own-031011

Trust: 0.3

url:http://www.rim.net/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:http://lists.apple.com/archives/security-announce/2011/apr/msg00004.html

Trust: 0.3

url:http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displaykc&doctype=kc&externalid=kb26132

Trust: 0.3

url:http://www.blackberry.com/btsc/dynamickc.do?externalid=kb26132&sliceid=1&command=show&forward=nonthreadedkc&kcid=kb26132

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2011-1290

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://support.apple.com/kb/ht4606

Trust: 0.1

url:http://www.blackberry.com/btsc/kb24841

Trust: 0.1

url:http://www.tehtri-security.com/

Trust: 0.1

url:http://www.blackberry.com/btsc/kb12577

Trust: 0.1

url:http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=16

Trust: 0.1

url:http://tehtris.com/bbcheck

Trust: 0.1

url:http://www.syscan.org/index.php/sg/training

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-2599

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0779

Trust: 0.1

sources: ZDI: ZDI-11-104 // VULHUB: VHN-49235 // BID: 46849 // JVNDB: JVNDB-2011-001530 // PACKETSTORM: 100465 // PACKETSTORM: 99462 // PACKETSTORM: 99354 // CNNVD: CNNVD-201103-180 // NVD: CVE-2011-1290

CREDITS

Anonymous; Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann

Trust: 0.7

sources: ZDI: ZDI-11-104

SOURCES

db: ZDI, id: ZDI-11-104
db: VULHUB, id: VHN-49235
db: BID, id: 46849
db: JVNDB, id: JVNDB-2011-001530
db: PACKETSTORM, id: 100465
db: PACKETSTORM, id: 99462
db: PACKETSTORM, id: 99354
db: CNNVD, id: CNNVD-201103-180
db: NVD, id: CVE-2011-1290

LAST UPDATE DATE

2024-09-18T23:17:42.460000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-11-104, date: 2011-04-14T00:00:00
db: VULHUB, id: VHN-49235, date: 2018-10-09T00:00:00
db: BID, id: 46849, date: 2011-10-11T19:10:00
db: JVNDB, id: JVNDB-2011-001530, date: 2011-05-10T00:00:00
db: CNNVD, id: CNNVD-201103-180, date: 2021-11-16T00:00:00
db: NVD, id: CVE-2011-1290, date: 2018-10-09T19:30:42.537

SOURCES RELEASE DATE

db: ZDI, id: ZDI-11-104, date: 2011-04-14T00:00:00
db: VULHUB, id: VHN-49235, date: 2011-03-11T00:00:00
db: BID, id: 46849, date: 2011-03-10T00:00:00
db: JVNDB, id: JVNDB-2011-001530, date: 2011-05-10T00:00:00
db: PACKETSTORM, id: 100465, date: 2011-04-15T14:14:11
db: PACKETSTORM, id: 99462, date: 2011-03-18T22:39:32
db: PACKETSTORM, id: 99354, date: 2011-03-16T02:27:27
db: CNNVD, id: CNNVD-201103-180, date: 2011-03-14T00:00:00
db: NVD, id: CVE-2011-1290, date: 2011-03-11T21:57:16.893