ID

VAR-201107-0038


CVE

CVE-2011-1457


TITLE

Apple Safari Used in WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-002081

DESCRIPTION

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. WebKit is prone to a remote code-execution vulnerability due to memory-corruption. Attackers can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. NOTE: This issue was previously discussed in 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ---------------------------------------------------------------------- The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. Read more and request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45325 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 RELEASE DATE: 2011-07-22 DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45325/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45325 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system. 1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error within CFNetwork when using the NTLM authentication protocol can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page. 3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. This can lead to certificates signed by the disabled root certificates being validated. 4) An integer overflow error exists within the ColorSync component. For more information see vulnerability #5 in: SA45054 5) An off-by-one error exists within the CoreFoundation framework. For more information see vulnerability #6 in: SA45054 6) An integer overflow error exists in CoreGraphics. For more information see vulnerability #7 in: SA45054 7) An error exists within ICU (International Components for Unicode). For more information see vulnerability #11 in: SA45054 8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings. For more information see vulnerability #9 in: SA45054 9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow. 10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 11) An error within libxslt can be exploited to disclose certain addresses from the heap. For more information see vulnerability #2 in: SA43832 12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow. 13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page. 14) A cross-origin error when handling certain fonts in Java Applets can lead to certain text being displayed on other sites. 15) Multiple unspecified errors in the WebKit component can be exploited to corrupt memory. 16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files. 17) A cross-origin error when handling Web Workers can lead to certain information being disclosed. 18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. 20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 21) An error within the handling of RSS feeds may lead to arbitrary files from a user's system being sent to a remote server. 22) A weakness in WebKit can lead to remote DNS prefetching For more information see vulnerability #6 in: SA42312 23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. 24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow. 25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page. 26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page. The weakness and the vulnerabilities are reported in versions prior to 5.1 and 5.0.6. SOLUTION: Update to version 5.1 or 5.0.6. PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Vazquez via iDefense The vendor credits: 1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal Poole, Matasano Security 2) Takehiro Takahashi, IBM X-Force Research 3) An anonymous reporter 5) Harry Sintonen 6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 7) David Bienvenu, Mozilla 9) Cyril CATTIAUX, Tessi Technologies 11) Chris Evans, Google Chrome Security Team 12) Billy Rios, Google Security Team 13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman 14) Joshua Smith, Kaon Interactive 16) Nicolas Gregoire, Agarri 17) Daniel Divricean, divricean.ro 18) Jobert Abma, Online24 19) Sergey Glazunov 20) Jordi Chancel 21) Jason Hullinger 22) Mike Cardwell, Cardwell IT The vendor provides a bundled list of credits for vulnerabilities in #15: * David Weston, Microsoft and Microsoft Vulnerability Research (MSVR) * Yong Li, Research In Motion * SkyLined, Google Chrome Security Team * Abhishek Arya (Inferno), Google Chrome Security Team * Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team * J23 via ZDI * Rob King via ZDI * wushi, team509 via ZDI * wushi of team509 * Adam Barth, Google Chrome Security Team * Richard Keen * An anonymous researcher via ZDI * Rik Cabanier, Adobe Systems * Martin Barbella * Sergey Glazunov * miaubiz * Andreas Kling, Nokia * Marek Majkowski via iDefense * John Knottenbelt, Google ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4808 iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-228/ NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2011-1457 // JVNDB: JVNDB-2011-002081 // BID: 48856 // VULHUB: VHN-49402 // PACKETSTORM: 103250

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 1.9

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 1.9

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:safariscope:lteversion:5.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:webkitscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.9

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.8 and later

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.8 and later

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:applemodel:webkitscope: - version: -

Trust: 0.6

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r82222scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.3

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.3

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.9

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.8

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.7

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.6

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.5

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2.10

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.0.6

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:neversion:5.1

Trust: 0.3

vendor:applemodel:safari for windowsscope:neversion:5.0.6

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.5

Trust: 0.3

vendor:applemodel:iosscope:neversion:5

Trust: 0.3

sources: BID: 48856 // JVNDB: JVNDB-2011-002081 // CNNVD: CNNVD-201107-357 // NVD: CVE-2011-1457

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-1457
value: HIGH

Trust: 1.0

NVD: CVE-2011-1457
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201107-357
value: CRITICAL

Trust: 0.6

VULHUB: VHN-49402
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-1457
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-49402
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-49402 // JVNDB: JVNDB-2011-002081 // CNNVD: CNNVD-201107-357 // NVD: CVE-2011-1457

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-49402 // JVNDB: JVNDB-2011-002081 // NVD: CVE-2011-1457

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201107-357

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201107-357

CONFIGURATIONS

sources: JVNDB: JVNDB-2011-002081

PATCH

title:HT4808url:http://support.apple.com/kb/HT4808

Trust: 0.8

sources: JVNDB: JVNDB-2011-002081

EXTERNAL IDS

db:NVDid:CVE-2011-1457

Trust: 2.8

db:SECUNIAid:45325

Trust: 1.6

db:BIDid:48856

Trust: 1.2

db:SECTRACKid:1025816

Trust: 0.8

db:OSVDBid:74014

Trust: 0.8

db:JVNDBid:JVNDB-2011-002081

Trust: 0.8

db:CNNVDid:CNNVD-201107-357

Trust: 0.7

db:NSFOCUSid:17308

Trust: 0.6

db:NSFOCUSid:17909

Trust: 0.6

db:APPLEid:APPLE-SA-2011-07-20-1

Trust: 0.6

db:VULHUBid:VHN-49402

Trust: 0.1

db:ZDIid:ZDI-11-228

Trust: 0.1

db:PACKETSTORMid:103250

Trust: 0.1

sources: VULHUB: VHN-49402 // BID: 48856 // JVNDB: JVNDB-2011-002081 // PACKETSTORM: 103250 // CNNVD: CNNVD-201107-357 // NVD: CVE-2011-1457

REFERENCES

url:http://support.apple.com/kb/ht4808

Trust: 1.8

url:http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html

Trust: 1.7

url:http://secunia.com/advisories/45325

Trust: 1.4

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00000.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html

Trust: 1.1

url:http://support.apple.com/kb/ht4981

Trust: 1.1

url:http://support.apple.com/kb/ht4999

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1457

Trust: 0.8

url:http://jvn.jp/cert/jvnvu781747/index.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1457

Trust: 0.8

url:http://osvdb.org/74014

Trust: 0.8

url:http://www.securityfocus.com/bid/48856

Trust: 0.8

url:http://www.securitytracker.com/id?1025816

Trust: 0.8

url:http://www.nsfocus.net/vulndb/17308

Trust: 0.6

url:http://www.nsfocus.net/vulndb/17909

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:http://www.webkit.org/

Trust: 0.3

url:/archive/1/520068

Trust: 0.3

url:http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html

Trust: 0.1

url:http://secunia.com/advisories/45325/

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-11-228/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/advisories/45325/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=45325

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-49402 // BID: 48856 // JVNDB: JVNDB-2011-002081 // PACKETSTORM: 103250 // CNNVD: CNNVD-201107-357 // NVD: CVE-2011-1457

CREDITS

John Knottenbelt of Google

Trust: 0.3

sources: BID: 48856

SOURCES

db:VULHUBid:VHN-49402
db:BIDid:48856
db:JVNDBid:JVNDB-2011-002081
db:PACKETSTORMid:103250
db:CNNVDid:CNNVD-201107-357
db:NVDid:CVE-2011-1457

LAST UPDATE DATE

2024-11-23T21:00:11.880000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-49402date:2011-10-21T00:00:00
db:BIDid:48856date:2011-10-12T22:40:00
db:JVNDBid:JVNDB-2011-002081date:2011-08-11T00:00:00
db:CNNVDid:CNNVD-201107-357date:2011-07-29T00:00:00
db:NVDid:CVE-2011-1457date:2024-11-21T01:26:21.800

SOURCES RELEASE DATE

db:VULHUBid:VHN-49402date:2011-07-21T00:00:00
db:BIDid:48856date:2011-07-20T00:00:00
db:JVNDBid:JVNDB-2011-002081date:2011-08-11T00:00:00
db:PACKETSTORMid:103250date:2011-07-21T06:58:31
db:CNNVDid:CNNVD-201107-357date:2011-07-29T00:00:00
db:NVDid:CVE-2011-1457date:2011-07-21T23:55:02.647