Lucene search
Vupen SecurityZDI-11-135HistoryApr 14, 2011 - 12:00 a.m.
(Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability
2011-04-1400:00:00
Vupen Security
www.zerodayinitiative.com
26
EPSS
0.043
Percentile
92.4%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the Webkit library handles WBR tags on a webpage. By adding children to a WBR tag and then consequently removing the tag through, for example, a ‘removeChild’ call it is possible to create a dangling pointer that can result in remote code execution under the context of the current user.
Related
cve
cve
CVE-2011-1344
2011-03-10 20:55:01
nvd
nvd
CVE-2011-1344
2011-03-10 20:55:01
ubuntucve
ubuntucve
CVE-2011-1344
2011-03-10 00:00:00
prion
prion
Design/Logic Flaw
2011-03-10 20:55:00
cvelist
cvelist
CVE-2011-1344
2011-03-10 20:00:00
securityvulns
securityvulns
VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344)
2011-04-19 00:00:00
ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability
2011-04-19 00:00:00
Apple WebKit / Safari multiple security vulnerabilities
2011-04-21 00:00:00
nessus
nessus
iTunes < 10.2.2 Multiple Vulnerabilities
2011-04-19 00:00:00
Apple iTunes < 10.2.2 Multiple Vulnerabilities (uncredentialed check)
2011-04-19 00:00:00
Mac OS X : Apple Safari < 5.0.5
2011-04-14 00:00:00
openvas
openvas
Apple iTunes Arbitrary Code Execution Vulnerability - Mac OS X
2011-08-29 00:00:00
Apple iTunes Arbitrary Code Execution Vulnerability (Mac OS X)
2011-08-29 00:00:00
Apple Safari Multiple Vulnerabilities - April 2011 (Mac OS X)
2011-08-12 00:00:00