Lucene search
KEENTeamZDI-13-286HistoryDec 20, 2013 - 12:00 a.m.
(Mobile Pwn2Own) Apple iOS Safari DocumentOrderedMap Remote Code Execution Vulnerability
2013-12-2000:00:00
KEENTeam
www.zerodayinitiative.com
13
0.031 Low
EPSS
Percentile
91.2%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of WebCore::DocumentOrderedMap objects. By manipulating a document’s elements an attacker can free arbitrary memory and force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
References
Related
ubuntucve
ubuntucve
CVE-2013-5228
2013-12-18 00:00:00
nvd
nvd
CVE-2013-5228
2013-12-18 16:04:33
cvelist
cvelist
CVE-2013-5228
2013-12-18 11:00:00
cve
cve
CVE-2013-5228
2013-12-18 16:04:33
prion
prion
Memory corruption
2013-12-18 16:04:00
threatpost
threatpost
Apple Fixes Security in WebKit, SAfari
2013-12-17 11:45:10
openvas
openvas
Apple Safari Multiple Vulnerabilities (Dec 2013) - Mac OS X
2013-12-24 00:00:00
securityvulns
securityvulns
APPLE-SA-2013-12-16-1 Safari 6.1.1 and Safari 7.0.1
2013-12-24 00:00:00
APPLE-SA-2014-03-10-2 Apple TV 6.1
2014-03-13 00:00:00
APPLE-SA-2014-03-10-1 iOS 7.1
2014-03-13 00:00:00
nessus
nessus
Mac OS X : Apple Safari < 6.1.1 / 7.0.1 Multiple Vulnerabilities
2013-12-17 00:00:00
Safari < 6.1.1 / 7.0.1 Multiple Vulnerabilities
2014-01-09 00:00:00
Apple TV < 6.1 Multiple Vulnerabilities
2014-03-12 00:00:00