Lucene search
Wushi of team509ZDI-11-099HistoryMar 02, 2011 - 12:00 a.m.
Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
2011-03-0200:00:00
wushi of team509
www.zerodayinitiative.com
19
0.016 Low
EPSS
Percentile
87.5%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari’s Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application handles floating blocks in certain situations. When performing layout operations for a floating block produced by a pseudo-element, the application will attempt to access glyph data that hasn’t been fully assigned into the glyph data hashmap. Due to this type being incomplete, this can lead to code execution under the context of the application.
References
Related
cvelist
cvelist
CVE-2011-0133
2011-03-03 19:00:00
ubuntucve
ubuntucve
CVE-2011-0133
2011-03-03 00:00:00
cve
cve
CVE-2011-0133
2011-03-03 20:00:01
prion
prion
Memory corruption
2011-03-03 20:00:00
nvd
nvd
CVE-2011-0133
2011-03-03 20:00:01
securityvulns
securityvulns
About the security content of iTunes 10.2
2011-03-03 00:00:00
About the security content of Safari 5.0.4
2011-03-15 00:00:00
openvas
openvas
Apple iTunes Multiple Vulnerabilities - Mar11
2011-03-10 00:00:00
Apple iTunes Multiple Vulnerabilities (HT4554)
2011-03-10 00:00:00
Apple Safari Multiple Vulnerabilities (Mar 2011) - Mac OS X
2011-08-12 00:00:00
nessus
nessus
Apple iTunes < 10.2 Multiple Vulnerabilities (credentialed check)
2011-03-03 00:00:00
Apple iTunes < 10.2 Multiple Vulnerabilities (uncredentialed check)
2011-03-03 00:00:00
Mac OS X : Apple Safari < 5.0.4
2011-03-10 00:00:00