var-201107-0037
Vulnerability from variot

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the library's support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating it's reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application. WebKit is prone to a remote code-execution vulnerability due to memory corruption. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------

The Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way.

Read more and request a free trial: http://secunia.com/products/corporate/vim/


TITLE: Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA45325

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45325/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45325

RELEASE DATE: 2011-07-22

DISCUSS ADVISORY: http://secunia.com/advisories/45325/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/45325/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=45325

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, and compromise a user's system.

1) An error within CFNetwork when handling the "text/plain" content type can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An error within CFNetwork when using the NTLM authentication protocol can be exploited to execute arbitrary code by tricking a user into visiting a specially crafted web page.

3) An error exists within CFNetwork when handling SSL certificates, which does not properly verify disabled root certificates. This can lead to certificates signed by the disabled root certificates being validated.

4) An integer overflow error exists within the ColorSync component.

For more information see vulnerability #5 in: SA45054

5) An off-by-one error exists within the CoreFoundation framework.

For more information see vulnerability #6 in: SA45054

6) An integer overflow error exists in CoreGraphics.

For more information see vulnerability #7 in: SA45054

7) An error exists within ICU (International Components for Unicode).

For more information see vulnerability #11 in: SA45054

8) An error exists in ImageIO within the handling of TIFF files when handling certain uppercase strings.

For more information see vulnerability #9 in: SA45054

9) An error in ImageIO within the handling of CCITT Group 4 encoded TIFF image files can be exploited to cause a heap-based buffer overflow.

10) A use-after-free error within WebKit when handling TIFF images can result in an invalid pointer being dereferenced when a user views a specially crafted web page.

11) An error within libxslt can be exploited to disclose certain addresses from the heap.

For more information see vulnerability #2 in: SA43832

12) An off-by-one error within libxml when handling certain XML data can be exploited to cause a heap-based buffer overflow.

13) An error in the "AutoFill web forms" feature can be exploited to disclose certain information from the user's Address Book by tricking a user into visiting a specially crafted web page.

14) A cross-origin error when handling certain fonts in Java Applets can lead to certain text being displayed on other sites.

16) An error within WebKit when handling libxslt configurations can be exploited to create arbitrary files.

17) A cross-origin error when handling Web Workers can lead to certain information being disclosed.

18) A cross-origin error when handling certain URLs containing a username can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

19) A cross-origin error when handling DOM nodes can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

20) An error within the handling of DOM history objects can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar.

21) An error within the handling of RSS feeds may lead to arbitrary files from a user's system being sent to a remote server.

22) A weakness in WebKit can lead to remote DNS prefetching

For more information see vulnerability #6 in: SA42312

23) A use-after-free error within WebKit when processing MathML markup tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page.

24) An error within WebKit when parsing a frameset element can be exploited to cause a heap-based buffer overflow.

25) A use-after-free error within WebKit when handling XHTML tags can result in an invalid tag pointer being dereferenced when a user views a specially crafted web page.

26) A use-after-free error within WebKit when handling SVG tags can result in an invalid pointer being dereferenced when a user views a specially crafted web page.

The weakness and the vulnerabilities are reported in versions prior to 5.1 and 5.0.6.

SOLUTION: Update to version 5.1 or 5.0.6.

PROVIDED AND/OR DISCOVERED BY: 10) Juan Pablo Lopez Yacubian via iDefense 4) binaryproof via ZDI 8) Dominic Chell, NGS Secure 23, 25, 26) wushi, team509 via iDefense 24) Jose A. Vazquez via iDefense

The vendor credits: 1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal Poole, Matasano Security 2) Takehiro Takahashi, IBM X-Force Research 3) An anonymous reporter 5) Harry Sintonen 6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google Security Team 7) David Bienvenu, Mozilla 9) Cyril CATTIAUX, Tessi Technologies 11) Chris Evans, Google Chrome Security Team 12) Billy Rios, Google Security Team 13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman 14) Joshua Smith, Kaon Interactive 16) Nicolas Gregoire, Agarri 17) Daniel Divricean, divricean.ro 18) Jobert Abma, Online24 19) Sergey Glazunov 20) Jordi Chancel 21) Jason Hullinger 22) Mike Cardwell, Cardwell IT

The vendor provides a bundled list of credits for vulnerabilities in

15:

  • David Weston, Microsoft and Microsoft Vulnerability Research (MSVR)
  • Yong Li, Research In Motion
  • SkyLined, Google Chrome Security Team
  • Abhishek Arya (Inferno), Google Chrome Security Team
  • Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team
  • J23 via ZDI
  • Rob King via ZDI
  • wushi, team509 via ZDI
  • wushi of team509
  • Adam Barth, Google Chrome Security Team
  • Richard Keen
  • An anonymous researcher via ZDI
  • Rik Cabanier, Adobe Systems
  • Martin Barbella
  • Sergey Glazunov
  • miaubiz
  • Andreas Kling, Nokia
  • Marek Majkowski via iDefense
  • John Knottenbelt, Google

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4808

iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934

ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-228/

NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/

EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/


About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


. ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-240

July 27, 2011

-- CVE ID: CVE-2011-1453

-- CVSS: 7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)

-- Affected Vendors: Apple

-- Affected Products: Apple WebKit

-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 11273.

-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4808

-- Disclosure Timeline: 2011-01-21 - Vulnerability reported to vendor 2011-07-27 - Coordinated public release of advisory

-- Credit: This vulnerability was discovered by: * wushi of team509

-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.

Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:

http://www.zerodayinitiative.com

The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.

Our vulnerability disclosure policy is available online at:

http://www.zerodayinitiative.com/advisories/disclosure_policy/

Follow the ZDI on Twitter:

http://twitter.com/thezdi

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201107-0037",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "3.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "1.2.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "2.0.3"
      },
      {
        "model": "webkit",
        "scope": null,
        "trust": 1.3,
        "vendor": "apple",
        "version": null
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.2b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.4b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.3b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.0b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0b1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.1.0b"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "2.0.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.0b2"
      },
      {
        "model": "safari",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "4.1.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.3.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.0.1"
      },
      {
        "model": "webkit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "*"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.2.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.1.0"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "1.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "3.0.1"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8 and later"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.8 and later"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "5"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "1.2.5"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "1.2.3"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "1.2.2"
      },
      {
        "model": "open source project webkit r82222",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit r77705",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit r52833",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit r52401",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit r51295",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit r38566",
        "scope": null,
        "trust": 0.3,
        "vendor": "webkit",
        "version": null
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "1.2.x"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "1.2.2-1"
      },
      {
        "model": "open source project webkit",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webkit",
        "version": "0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.5"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.4"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.3"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.2"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.1"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0"
      },
      {
        "model": "safari for windows",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1.8"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "9.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0.2.20"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "8.0"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.2"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.1"
      },
      {
        "model": "itunes",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10"
      },
      {
        "model": "ipod touch",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "iphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ipad",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.0.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.4"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.3"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.9"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.8"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.7"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.6"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.5"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2.10"
      },
      {
        "model": "ios beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.2"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4.1"
      },
      {
        "model": "ios",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "4"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.1"
      },
      {
        "model": "safari for windows",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5.0.6"
      },
      {
        "model": "itunes",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "10.5"
      },
      {
        "model": "ios",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "5"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "BID",
        "id": "48855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:apple:safari",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "wushi of team509",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2011-1453",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-1453",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "ZDI",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-1453",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-49398",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-1453",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-1453",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "ZDI",
            "id": "CVE-2011-1453",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201107-356",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-49398",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the library\u0027s support of SVG markers. When updating a marker, the application will duplicate the reference of an object without updating it\u0027s reference count. When freeing this object, a use-after-free vulnerability can be made to occur. This can be leveraged by a remote attacker to execute code under the context of the user running the application. WebKit is prone to a remote code-execution vulnerability due to memory corruption.  Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. \nNOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ----------------------------------------------------------------------\n\nThe Secunia Vulnerability Intelligence Manager (VIM) enables you to handle vulnerability threats in a simple, cost effective way. \n\nRead more and request a free trial:\nhttp://secunia.com/products/corporate/vim/\n\n----------------------------------------------------------------------\n\nTITLE:\nApple Safari Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA45325\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/45325/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45325\n\nRELEASE DATE:\n2011-07-22\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/45325/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/45325/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45325\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA weakness and multiple vulnerabilities  have been reported in Apple\nSafari, which can be exploited by malicious people to disclose\nsensitive information, manipulate certain data, conduct cross-site\nscripting and spoofing attacks, bypass certain security restrictions,\nand compromise a user\u0027s system. \n\n1) An error within CFNetwork when handling the \"text/plain\" content\ntype can be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n2) An error within CFNetwork when using the NTLM authentication\nprotocol can be exploited to execute arbitrary code by tricking a\nuser into visiting a specially crafted web page. \n\n3) An error exists within CFNetwork when handling SSL certificates,\nwhich does not properly verify disabled root certificates. This can\nlead to certificates signed by the disabled root certificates being\nvalidated. \n\n4) An integer overflow error exists within the ColorSync component. \n\nFor more information see vulnerability #5 in:\nSA45054\n\n5) An off-by-one error exists within the CoreFoundation framework. \n\nFor more information see vulnerability #6 in:\nSA45054\n\n6) An integer overflow error exists in CoreGraphics. \n\nFor more information see vulnerability #7 in:\nSA45054\n\n7) An error exists within ICU (International Components for\nUnicode). \n\nFor more information see vulnerability #11 in:\nSA45054\n\n8) An error exists in ImageIO within the handling of TIFF files when\nhandling certain uppercase strings. \n\nFor more information see vulnerability #9 in:\nSA45054\n\n9) An error in ImageIO within the handling of CCITT Group 4 encoded\nTIFF image files can be exploited to cause a heap-based buffer\noverflow. \n\n10) A use-after-free error within WebKit when handling TIFF images\ncan result in an invalid pointer being dereferenced when a user views\na specially crafted web page. \n\n11) An error within libxslt can be exploited to disclose certain\naddresses from the heap. \n\nFor more information see vulnerability #2 in:\nSA43832\n\n12) An off-by-one error within libxml when handling certain XML data\ncan be exploited to cause a heap-based buffer overflow. \n\n13) An error in the \"AutoFill web forms\" feature can be exploited to\ndisclose certain information from the user\u0027s Address Book by tricking\na user into visiting a specially crafted web page. \n\n14) A cross-origin error when handling certain fonts in Java Applets\ncan lead to certain text being displayed on other sites. \n\n16) An error within WebKit when handling libxslt configurations can\nbe exploited to create arbitrary files. \n\n17) A cross-origin error when handling Web Workers can lead to\ncertain information being disclosed. \n\n18) A cross-origin error when handling certain URLs containing a\nusername can be exploited to execute arbitrary HTML and script code\nin a user\u0027s browser session in the context of an affected site. \n\n19) A cross-origin error when handling DOM nodes can be exploited to\nexecute arbitrary HTML and script code in a user\u0027s browser session in\nthe context of an affected site. \n\n20) An error within the handling of DOM history objects can be\nexploited to display arbitrary content while showing the URL of a\ntrusted web site in the address bar. \n\n21) An error within the handling of RSS feeds may lead to arbitrary\nfiles from a user\u0027s system being sent to a remote server. \n\n22) A weakness in WebKit can lead to remote DNS prefetching\n\nFor more information see vulnerability #6 in:\nSA42312\n\n23) A use-after-free error within WebKit when processing MathML\nmarkup tags can result in an invalid pointer being dereferenced when\na user views a specially crafted web page. \n\n24) An error within WebKit when parsing a frameset element can be\nexploited to cause a heap-based buffer overflow. \n\n25) A use-after-free error within WebKit when handling XHTML tags can\nresult in an invalid tag pointer being dereferenced when a user views\na specially crafted web page. \n\n26) A use-after-free error within WebKit when handling SVG tags can\nresult in an invalid pointer being dereferenced when a user views a\nspecially crafted web page. \n\nThe weakness and the vulnerabilities are reported in versions prior\nto 5.1 and 5.0.6. \n\nSOLUTION:\nUpdate to version 5.1 or 5.0.6. \n\nPROVIDED AND/OR DISCOVERED BY:\n10) Juan Pablo Lopez Yacubian via iDefense\n4) binaryproof via ZDI\n8) Dominic Chell, NGS Secure\n23, 25, 26) wushi, team509 via iDefense\n24) Jose A. Vazquez via iDefense\n\nThe vendor credits:\n1) Hidetake Jo via Microsoft Vulnerability Research (MSVR) and Neal\nPoole, Matasano Security\n2) Takehiro Takahashi, IBM X-Force Research\n3) An anonymous reporter\n5) Harry Sintonen\n6) Cristian Draghici, Modulo Consulting and Felix Grobert, Google\nSecurity Team\n7) David Bienvenu, Mozilla\n9) Cyril CATTIAUX, Tessi Technologies\n11) Chris Evans, Google Chrome Security Team\n12) Billy Rios, Google Security Team\n13) Florian Rienhardt of BSI, Alex Lambert, and Jeremiah Grossman\n14) Joshua Smith, Kaon Interactive\n16) Nicolas Gregoire, Agarri\n17) Daniel Divricean, divricean.ro\n18) Jobert Abma, Online24\n19) Sergey Glazunov\n20) Jordi Chancel\n21) Jason Hullinger\n22) Mike Cardwell, Cardwell IT\n\nThe vendor provides a bundled list of credits for vulnerabilities in\n#15:\n* David Weston, Microsoft and Microsoft Vulnerability Research\n(MSVR)\n* Yong Li, Research In Motion\n* SkyLined, Google Chrome Security Team\n* Abhishek Arya (Inferno), Google Chrome Security Team\n* Nikita Tarakanov and Alex Bazhanyuk, CISS Research Team\n* J23 via ZDI\n* Rob King via ZDI\n* wushi, team509 via ZDI\n* wushi of team509\n* Adam Barth, Google Chrome Security Team\n* Richard Keen\n* An anonymous researcher via ZDI\n* Rik Cabanier, Adobe Systems\n* Martin Barbella\n* Sergey Glazunov\n* miaubiz\n* Andreas Kling, Nokia\n* Marek Majkowski via iDefense\n* John Knottenbelt, Google\n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4808\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-228/\n\nNGS Secure:\nhttp://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. ZDI-11-240: Apple Safari Webkit SVG Marker Remote Code Execution Vulnerability\n\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-240\n\nJuly 27, 2011\n\n-- CVE ID:\nCVE-2011-1453\n\n-- CVSS:\n7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)\n\n-- Affected Vendors:\nApple\n\n-- Affected Products:\nApple WebKit\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 11273. \n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More\ndetails can be found at:\nhttp://support.apple.com/kb/HT4808\n\n-- Disclosure Timeline:\n2011-01-21 - Vulnerability reported to vendor\n2011-07-27 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n    * wushi of team509\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n    http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n    http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n    http://twitter.com/thezdi\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "BID",
        "id": "48855"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "PACKETSTORM",
        "id": "103250"
      },
      {
        "db": "PACKETSTORM",
        "id": "103482"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-49398",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-1453",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "45325",
        "trust": 1.6
      },
      {
        "db": "BID",
        "id": "48855",
        "trust": 1.2
      },
      {
        "db": "ZDI",
        "id": "ZDI-11-240",
        "trust": 1.1
      },
      {
        "db": "SECTRACK",
        "id": "1025816",
        "trust": 0.8
      },
      {
        "db": "OSVDB",
        "id": "74013",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-1021",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356",
        "trust": 0.7
      },
      {
        "db": "NSFOCUS",
        "id": "17308",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "17909",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2011-07-20-1",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "103482",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398",
        "trust": 0.1
      },
      {
        "db": "ZDI",
        "id": "ZDI-11-228",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "103250",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "BID",
        "id": "48855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "PACKETSTORM",
        "id": "103250"
      },
      {
        "db": "PACKETSTORM",
        "id": "103482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "id": "VAR-201107-0037",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T20:47:51.840000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4808",
        "trust": 1.5,
        "url": "http://support.apple.com/kb/HT4808"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://support.apple.com/kb/ht4808"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2011//jul/msg00002.html"
      },
      {
        "trust": 1.4,
        "url": "http://secunia.com/advisories/45325"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00000.html"
      },
      {
        "trust": 1.1,
        "url": "http://lists.apple.com/archives/security-announce/2011//oct/msg00001.html"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4981"
      },
      {
        "trust": 1.1,
        "url": "http://support.apple.com/kb/ht4999"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1453"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu781747/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1453"
      },
      {
        "trust": 0.8,
        "url": "http://osvdb.org/74013"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/bid/48855"
      },
      {
        "trust": 0.8,
        "url": "http://www.securitytracker.com/id?1025816"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17308"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/17909"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/safari/download/"
      },
      {
        "trust": 0.3,
        "url": "http://www.webkit.org/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/520068"
      },
      {
        "trust": 0.3,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-11-240/"
      },
      {
        "trust": 0.1,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2011-07/0034.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45325/"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=931"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=933"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=934"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_intelligence/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-11-228/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/45325/#comments"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=45325"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=930"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=932"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com/advisories/zdi-11-240"
      },
      {
        "trust": 0.1,
        "url": "http://twitter.com/thezdi"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2011-1453"
      },
      {
        "trust": 0.1,
        "url": "http://www.tippingpoint.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.zerodayinitiative.com"
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "BID",
        "id": "48855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "PACKETSTORM",
        "id": "103250"
      },
      {
        "db": "PACKETSTORM",
        "id": "103482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "db": "BID",
        "id": "48855"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "db": "PACKETSTORM",
        "id": "103250"
      },
      {
        "db": "PACKETSTORM",
        "id": "103482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "date": "2011-07-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "date": "2011-07-20T00:00:00",
        "db": "BID",
        "id": "48855"
      },
      {
        "date": "2011-08-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "date": "2011-07-21T06:58:31",
        "db": "PACKETSTORM",
        "id": "103250"
      },
      {
        "date": "2011-07-27T21:17:28",
        "db": "PACKETSTORM",
        "id": "103482"
      },
      {
        "date": "2011-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "date": "2011-07-21T23:55:02.597000",
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-07-27T00:00:00",
        "db": "ZDI",
        "id": "ZDI-11-240"
      },
      {
        "date": "2011-10-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-49398"
      },
      {
        "date": "2011-10-12T22:40:00",
        "db": "BID",
        "id": "48855"
      },
      {
        "date": "2011-08-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      },
      {
        "date": "2011-07-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      },
      {
        "date": "2024-11-21T01:26:21.210000",
        "db": "NVD",
        "id": "CVE-2011-1453"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "103482"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple Safari Used in  WebKit Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-002080"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201107-356"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.