ID CVE-2011-0116
Summary Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
References
Vulnerable Configurations
  • Apple iTunes 4.0.0
    cpe:2.3:a:apple:itunes:4.0.0
  • Apple iTunes 4.0.1
    cpe:2.3:a:apple:itunes:4.0.1
  • Apple iTunes 4.1.0
    cpe:2.3:a:apple:itunes:4.1.0
  • Apple iTunes 4.2.0
    cpe:2.3:a:apple:itunes:4.2.0
  • Apple iTunes 4.5
    cpe:2.3:a:apple:itunes:4.5
  • Apple iTunes 4.5.0
    cpe:2.3:a:apple:itunes:4.5.0
  • Apple iTunes 4.6
    cpe:2.3:a:apple:itunes:4.6
  • Apple iTunes 4.6.0
    cpe:2.3:a:apple:itunes:4.6.0
  • Apple iTunes 4.7
    cpe:2.3:a:apple:itunes:4.7
  • Apple iTunes 4.7.0
    cpe:2.3:a:apple:itunes:4.7.0
  • Apple iTunes 4.7.1
    cpe:2.3:a:apple:itunes:4.7.1
  • Apple iTunes 4.7.2
    cpe:2.3:a:apple:itunes:4.7.2
  • Apple iTunes 4.8.0
    cpe:2.3:a:apple:itunes:4.8.0
  • Apple iTunes 4.9.0
    cpe:2.3:a:apple:itunes:4.9.0
  • Apple iTunes 5.0
    cpe:2.3:a:apple:itunes:5.0
  • Apple iTunes 5.0.0
    cpe:2.3:a:apple:itunes:5.0.0
  • Apple iTunes 5.0.1
    cpe:2.3:a:apple:itunes:5.0.1
  • Apple iTunes 6.0.0
    cpe:2.3:a:apple:itunes:6.0.0
  • Apple iTunes 6.0.1
    cpe:2.3:a:apple:itunes:6.0.1
  • Apple iTunes 6.0.2
    cpe:2.3:a:apple:itunes:6.0.2
  • Apple iTunes 6.0.3
    cpe:2.3:a:apple:itunes:6.0.3
  • Apple iTunes 6.0.4
    cpe:2.3:a:apple:itunes:6.0.4
  • Apple iTunes 6.0.5
    cpe:2.3:a:apple:itunes:6.0.5
  • cpe:2.3:a:apple:itunes:6.0.4.2
    cpe:2.3:a:apple:itunes:6.0.4.2
  • Apple iTunes 7.0.0
    cpe:2.3:a:apple:itunes:7.0.0
  • Apple iTunes 7.0.1
    cpe:2.3:a:apple:itunes:7.0.1
  • Apple iTunes 7.0.2
    cpe:2.3:a:apple:itunes:7.0.2
  • Apple iTunes 7.1.0
    cpe:2.3:a:apple:itunes:7.1.0
  • Apple iTunes 7.1.1
    cpe:2.3:a:apple:itunes:7.1.1
  • Apple iTunes 7.2.0
    cpe:2.3:a:apple:itunes:7.2.0
  • Apple iTunes 7.3.0
    cpe:2.3:a:apple:itunes:7.3.0
  • Apple iTunes 7.3.1
    cpe:2.3:a:apple:itunes:7.3.1
  • Apple iTunes 7.3.2
    cpe:2.3:a:apple:itunes:7.3.2
  • Apple iTunes 7.4
    cpe:2.3:a:apple:itunes:7.4
  • Apple iTunes 7.4.0
    cpe:2.3:a:apple:itunes:7.4.0
  • Apple iTunes 7.4.1
    cpe:2.3:a:apple:itunes:7.4.1
  • Apple iTunes 7.4.2
    cpe:2.3:a:apple:itunes:7.4.2
  • Apple iTunes 7.4.3
    cpe:2.3:a:apple:itunes:7.4.3
  • Apple iTunes 7.5
    cpe:2.3:a:apple:itunes:7.5
  • Apple iTunes 7.5.0
    cpe:2.3:a:apple:itunes:7.5.0
  • Apple iTunes 7.6
    cpe:2.3:a:apple:itunes:7.6
  • Apple iTunes 7.6.0
    cpe:2.3:a:apple:itunes:7.6.0
  • Apple iTunes 7.6.1
    cpe:2.3:a:apple:itunes:7.6.1
  • Apple iTunes 7.6.2
    cpe:2.3:a:apple:itunes:7.6.2
  • Apple iTunes 7.7
    cpe:2.3:a:apple:itunes:7.7
  • Apple iTunes 7.7.0
    cpe:2.3:a:apple:itunes:7.7.0
  • Apple iTunes 7.7.1
    cpe:2.3:a:apple:itunes:7.7.1
  • Apple iTunes 8.0.0
    cpe:2.3:a:apple:itunes:8.0.0
  • Apple iTunes 8.0.1
    cpe:2.3:a:apple:itunes:8.0.1
  • cpe:2.3:a:apple:itunes:8.0.2
    cpe:2.3:a:apple:itunes:8.0.2
  • Apple iTunes 8.1
    cpe:2.3:a:apple:itunes:8.1
  • cpe:2.3:a:apple:itunes:8.1.1
    cpe:2.3:a:apple:itunes:8.1.1
  • cpe:2.3:a:apple:itunes:8.2
    cpe:2.3:a:apple:itunes:8.2
  • cpe:2.3:a:apple:itunes:8.2.1
    cpe:2.3:a:apple:itunes:8.2.1
  • Apple iTunes 9.0.0
    cpe:2.3:a:apple:itunes:9.0.0
  • Apple iTunes 9.0.1
    cpe:2.3:a:apple:itunes:9.0.1
  • Apple iTunes 9.0.2
    cpe:2.3:a:apple:itunes:9.0.2
  • Apple iTunes 9.0.3
    cpe:2.3:a:apple:itunes:9.0.3
  • Apple iTunes 9.2
    cpe:2.3:a:apple:itunes:9.2
  • Apple iTunes 9.2.1
    cpe:2.3:a:apple:itunes:9.2.1
  • Apple iTunes 10.0
    cpe:2.3:a:apple:itunes:10.0
  • Apple iTunes 10.0.1
    cpe:2.3:a:apple:itunes:10.0.1
  • Apple iTunes 10.1
    cpe:2.3:a:apple:itunes:10.1
  • Apple iTunes 10.1.1
    cpe:2.3:a:apple:itunes:10.1.1
  • Apple iTunes 10.1.2
    cpe:2.3:a:apple:itunes:10.1.2
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows Vista Service Pack 1 (initial release)
    cpe:2.3:o:microsoft:windows_vista:-:sp1
  • Microsoft Windows Vista Service Pack 2
    cpe:2.3:o:microsoft:windows_vista:-:sp2
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
CVSS
Base: 7.6 (as of 03-03-2011 - 20:23)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id SAFARI_5_0_4.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0.4. It therefore is potentially affected by several issues in the following components : - ImageIO - libxml - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 52613
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52613
    title Safari < 5.0.4 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI5_0_4.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0.4. As such, it is potentially affected by several issues in the following components : - libxml - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 52612
    published 2011-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52612
    title Mac OS X : Apple Safari < 5.0.4
  • NASL family Windows
    NASL id ITUNES_10_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 10.2. As such, it is affected by numerous issues in the following components : - ImageIO - libxml - WebKit
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52534
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52534
    title Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_10_2_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 10.2. It is, therefore, affected by multiple vulnerabilities in the WebKit, ImageIO, and libxml components. Note that these only affect iTunes for Windows.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 52535
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52535
    title Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
oval via4
accepted 2015-06-22T04:00:24.568-04:00
class vulnerability
contributors
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Bernd Eggenmueller
    organization baramundi software
definition_extensions
comment Apple iTunes is installed
oval oval:org.mitre.oval:def:12353
description Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
family windows
id oval:org.mitre.oval:def:17220
status accepted
submitted 2013-07-30T11:32:03.685-04:00
title Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1
version 7
refmap via4
apple
  • APPLE-SA-2011-03-02-1
  • APPLE-SA-2011-03-09-1
  • APPLE-SA-2011-03-09-2
confirm
misc http://www.zerodayinitiative.com/advisories/ZDI-11-097
Last major update 02-11-2013 - 23:08
Published 03-03-2011 - 15:00
Last modified 18-09-2017 - 21:31
Back to Top