CVE-2011-3845 - Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is insta

CVE-2011-3845

Summary

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

References

http://osvdb.org/79849
http://secunia.com/advisories/45758
http://www.securityfocus.com/bid/52325
https://exchange.xforce.ibmcloud.com/vulnerabilities/73713

Vulnerable Configurations

cpe:2.3:a:apple:safari:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:5.1.2:*:*:*:*:*:*:*

CVSS

Base:	7.6 (as of 05-01-2018 - 02:29)
Impact:
Exploitability:

CWE

CWE-399

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:H/Au:N/C:C/I:C/A:C

refmap via4

bid	52325
osvdb	79849
secunia	45758
xf	safari-plugin-code-execution(73713)

Last major update

05-01-2018 - 02:29

Published

08-03-2012 - 04:15

Last modified

05-01-2018 - 02:29