Lucene search

AppleCVE-2014-1303

HistoryMar 26, 2014 - 2:55 p.m.

CVE-2014-1303

2014-03-2614:55:05

CWE-119

apple

web.nvd.nist.gov

cve-2014-1303

apple safari

buffer overflow

remote code execution

sandbox bypass

nvd

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.268

Percentile

96.8%

JSON

Heap-based buffer overflow in Apple Safari 7.0.2 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors, as demonstrated by Liang Chen during a Pwn2Own competition at CanSecWest 2014.

Affected configurations

Nvd

Node

applesafariMatch7.0.2

VendorProductVersionCPE
applesafari7.0.2cpe:/a:apple:safari:7.0.2:::

Vendor	Product	Version	CPE
apple	safari	7.0.2	cpe:/a:apple:safari:7.0.2:::

References

archives.neohapsis.com/archives/bugtraq/2014-04/0009.html

archives.neohapsis.com/archives/bugtraq/2014-04/0135.html

archives.neohapsis.com/archives/bugtraq/2014-04/0136.html

twitter.com/thezdi/statuses/444157530139136000

www.pwn2own.com/2014/03/pwn2own-results-thursday-day-two/

support.apple.com/kb/HT6537

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.268

Percentile

96.8%

JSON

Related for CVE-2014-1303