Lucene search
Kai Kang(a.k.a 4B5F5F4B) of Tencent's Xuanwu LAB(http://www.tencent.com)ZDI-17-344HistoryMay 15, 2017 - 12:00 a.m.
Apple Safari RenderLayer Use-After-Free Remote Code Execution Vulnerability
2017-05-1500:00:00
Kai Kang(a.k.a 4B5F5F4B) of Tencent's Xuanwu LAB(http://www.tencent.com)
www.zerodayinitiative.com
24
EPSS
0.013
Percentile
85.8%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RenderLayer objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process.
References
Related
cve
cve
CVE-2017-2525
2017-05-22 05:29:01
ubuntucve
ubuntucve
CVE-2017-2525
2017-05-22 00:00:00
prion
prion
Memory corruption
2017-05-22 05:29:00
cvelist
cvelist
CVE-2017-2525
2017-05-22 04:54:00
nvd
nvd
CVE-2017-2525
2017-05-22 05:29:01
debiancve
debiancve
CVE-2017-2525
2017-05-22 05:29:01
nessus
nessus
Apple TV < 10.2.1 Multiple Vulnerabilities
2017-05-17 00:00:00
macOS : Apple Safari < 10.1.1 Multiple Vulnerabilities
2017-05-23 00:00:00
Apple iOS < 10.3.2 Multiple Vulnerabilities
2017-05-18 00:00:00
openvas
openvas
Apple Safari Multiple Vulnerabilities (HT207804)
2017-05-16 00:00:00
apple
apple
About the security content of Safari 10.1.1
2017-05-15 00:00:00
About the security content of Safari 10.1.1 - Apple Support
2017-06-26 04:38:16
About the security content of tvOS 10.2.1 - Apple Support
2017-06-21 08:52:03
gentoo
gentoo
WebKitGTK+: Multiple vulnerabilities
2017-06-07 00:00:00