http://code.google.com/p/chromium/issues/detail?id=71115

http://googlechromereleases.blogspot.com/2011/02/stable-channel-update_28.html

APPLE-SA-2011-07-20-1

APPLE-SA-2011-10-11-1

APPLE-SA-2011-10-12-1

http://support.apple.com/kb/HT4808

http://support.apple.com/kb/HT4981

http://support.apple.com/kb/HT4999

46614

google-chrome-table-rendering-dos(65733)

oval:org.mitre.oval:def:13641

The mobile device is running a version of iOS that is prior to version 5.0. Version 5.0 contains numerous security-related fixes for the following vulnerabilities :

  - Apple iOS Calendar Synchronization SSL Certificate     Validation Information Disclosure Vulnerability     (CVE-2011-3253)

  - Apple iOS Calendar Cross-Site Scripting Vulnerability     (CVE-2011-3254)

  - Apple iOS CFNetwork Information Disclosure Vulnerability     (CVE-2011-3255)

  - Apple iOS and Mac OS X CFNetwork Cross Domain     Information Disclosure Vulnerability (CVE-2011-3246)

  - Apple Mac OS X CoreFoundation Memory Corruption     Vulnerability (CVE-2011-0259)

  - FreeType Font Document Multiple Memory Corruption     Vulnerabilities (CVE-2011-3256)

  - Apple Mac OS X QuickTime Cross-Domain Information     Disclosure Vulnerability (CVE-2011-0187)

  - Apple iOS Mail Cookie Synchronization Validation     Information Disclosure Vulnerability (CVE-2011-3257)

  - An information disclosure vulnerability, known as BEAST,     exists in the SSL 3.0 and TLS 1.0 protocols due to a     flaw in the way the initialization vector (IV) is     selected when operating in cipher-block chaining (CBC)     modes. A man-in-the-middle attacker can exploit this     to obtain plaintext HTTP header data, by using a     blockwise chosen-boundary attack (BCBA) on an HTTPS     session, in conjunction with JavaScript code that uses     the HTML5 WebSocket API, the Java URLConnection API,     or the Silverlight WebClient API. (CVE-2011-3389)

  - Opera Web Browser Information Disclosure Vulnerability

  - Apple iOS Home Screen Information Disclosure     Vulnerability (CVE-2011-3431)

  - libTIFF CCITT Group 4 Encoded TIFF Image Buffer Overflow     Vulnerability (CVE-2011-0192)

  - Apple Safari ImageIO TIFF Image Handling Heap Buffer     Overflow Vulnerability (CVE-2011-0241)

  - Apple Mac OS X ICU Buffer Overflow Vulnerability     (CVE-2011-0206)

  - Apple Kernel TCP Exhaustion Denial of Service     Vulnerability (CVE-2011-3259)

  - Apple Mac OS X IPV6 Socket Options Denial of Service     Vulnerability (CVE-2011-1132)

  - Apple iOS Keyboard Information Disclosure Vulnerability     (CVE-2011-3245)

  - Apple Safari 'libxml' Remote Code Execution     Vulnerability (CVE-2011-0216)

  - Apple iPhone/iPad/iPod Touch prior to iOS 5 Buffer     Overflow Vulnerability (CVE-2011-3260)

  - Apple iPhone/iPad/iPod Touch prior to iOS 5 Remote Code     Execution Vulnerability (CVE-2011-3261)

  - Apple Mac OS X QuickLook Office File Memory Corruption     Vulnerability (CVE-2011-0208)

  - Apple Mac OS X QuickLook Remote Code Execution     Vulnerability (CVE-2011-0184)

  - Apple iPhone/iPad/iPod Touch 'Content-Disposition'     Header Cross-Site Scripting Vulnerability     (CVE-2011-3246)

  - Apple iOS Parental Restrictions Passcode Information     Disclosure Vulnerability (CVE-2011-3249)

  - Apple iOS Insecure Misleading UI Insecure     Configuration Weakness (CVE-2011-3430)

  - Apple iOS Remote Denial of Service Vulnerability     (CVE-2011-3432)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0218)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0221)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0222)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0225)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0232)

  - WebKit FrameOwner Element Memory Corruption Remote     Code Execution Vulnerability (CVE-2011-0233)

  - WebKit Malformed XHTML Tags Use-After-Free     Memory Corruption Vulnerability (CVE-2011-0234)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0235)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0238)

  - WebKit 'NamedNodeMap.cpp' Memory Corruption Remote     Code Execution Vulnerability (CVE-2011-0254)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-0255)

  - Google Chrome prior to 9.0.597.94 Multiple Security     Vulnerabilities (CVE-2011-0981)

  - Google Chrome prior to 9.0.597.107 Multiple Security     Vulnerabilities (CVE-2011-1109)

  - Google Chrome prior to 10.0.648.127 Multiple Security     Vulnerabilities (CVE-2011-1188)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1288)

  - Google Chrome prior to 10.0.648.204 Multiple Security     Vulnerabilities (CVE-2011-1293)

  - Google Chrome prior to 11.0.696.57 Multiple Security     Vulnerabilities (CVE-2011-1449)

  - WebKit MathML Tags Use-After-Free Remote Code Execution     Vulnerability

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1453)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1457)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1462)

  - WebKit Memory Corruption Remote Code Execution     Vulnerability (CVE-2011-1797)

  - WebKit Multiple Unspecified Remote Code Execution     Vulnerabilities (CVE-2011-2338)

  - WebKit Style Sheet Elements Remote Code Execution     Vulnerability (CVE-2011-2341)

  - Google Chrome Prior to 12.0.742.112 Multiple Security     Vulnerabilities (CVE-2011-2351)

  - Google Chrome Prior to 13.0.782.107 Multiple Security     Vulnerabilities (CVE-2011-2359)

  - Google Chrome Prior to 13.0.782.215 Multiple Security     Vulnerabilities (CVE-2011-2823)

  - Mozilla Firefox/Thunderbird/SeaMonkey YARR Remote Code     Execution Vulnerability (CVE-2011-3232)

  - Google Chrome Prior to 14.0.835.163 Multiple Security     Vulnerabilities (CVE-2011-3234)

  - WebKit Embedded URL Cross Domain Scripting Vulnerability     (CVE-2011-0242)

  - WebKit Address Bar URI Spoofing Vulnerability     (CVE-2011-1107)

  - WebKit 'libxslt' Remote Code Execution Vulnerability     (CVE-2011-1774)

  - WebKit 'HTML5' Drag and Drop Cross-Origin Information     Disclosure Vulnerability (CVE-2011-0166)

  - WebKit Inactive DOM Windows Cross Domain Scripting     Vulnerability (CVE-2011-3243)

  - Apple iOS WiFi Credentials Information Disclosure     Vulnerability (CVE-2011-3234)

The version of Apple iTunes on the remote host is prior to version 10.5. It is, therefore, affected by multiple vulnerabilities in the CoreAudio, CoreFoundation, CoreMedia, ColorSync, ImageIO, and WebKit components. Note that these only affect iTunes for Windows.

The version of Apple iTunes installed on the remote Windows host is older than 10.5. Thus, it is reportedly affected by numerous issues in the following components :

  - CoreFoundation
  - ColorSync
  - CoreAudio
  - CoreMedia
  - ImageIO
  - WebKit

According to its banner, the remote Apple iOS device is missing a security update.  Versions of Apple iOS 3.0 through 4.3.5 are affected by vulnerabilities within the following components :

 - CalDAV
 - Calendar
 - CFNetwork
 - CoreFoundation
 - CoreGraphics
 - CoreMedia
 - Data Access - Data Security
 - Home security
 - ImageIO
 - Kernel
 - Keyboards
 - libxml
 - OfficeImport
 - Safari
 - Settings
 - UIKit Alerts
 - WebKit
 - WiFi

The remote host has iTunes installed, a popular media player for Windows and Mac OS. 

Versions of iTunes earlier than 10.5 are potentially affected by numerous issues in the following components :

  - CoreFoundation

  - ColorSync

  - CoreAudio

  - CoreMedia

  - ImageIO

  - WebKit

The version of Safari installed on the remote Windows host is earlier than 5.1.  As such, it is potentially affected by numerous issues in the following components :

  - CFNetwork
  - ColorSync
  - CoreFoundation
  - CoreGraphics
  - International Components for Unicode
  - ImageIO
  - libxslt
  - libxml
  - Safari
  - WebKit

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 11.1. It is, therefore, affected by multiple vulnerabilities as described in the HT4808 security advisory.

The remote host has Safari installed.

Versions of Safari earlier than 5.1 are potentially affected by several issues in the following component :

  - CFNetwork

  - ColorSync

  - CoreFoundation

  - CoreGraphics

  - International Components for Unicode

  - ImageIO

  - libxslt

  - libxml

  - Safari

  - WebKit

The remote host has Safari installed. 

Versions of Safari earlier than 5.1 are potentially affected by several issues in the following component :

  - CFNetwork

  - ColorSync

  - CoreFoundation

  - CoreGraphics

  - International Components for Unicode

  - ImageIO

  - libxslt

  - libxml

  - Safari

  - WebKit

Several vulnerabilities were discovered in the Chromium browser. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2011-1108     Google Chrome before 9.0.597.107 does not properly     implement JavaScript dialogs, which allows remote     attackers to cause a denial of service (application     crash) or possibly have unspecified other impact via a     crafted HTML document.

  - CVE-2011-1109     Google Chrome before 9.0.597.107 does not properly     process nodes in Cascading Style Sheets (CSS)     stylesheets, which allows remote attackers to cause a     denial of service or possibly have unspecified other     impact via unknown vectors that lead to a 'stale     pointer'.

  - CVE-2011-1113     Google Chrome before 9.0.597.107 on 64-bit Linux     platforms does not properly perform pickle     deserialization, which allows remote attackers to cause     a denial of service (out-of-bounds read) via unspecified     vectors.

  - CVE-2011-1114     Google Chrome before 9.0.597.107 does not properly     handle tables, which allows remote attackers to cause a     denial of service or possibly have unspecified other     impact via unknown vectors that lead to a 'stale node'.

  - CVE-2011-1115     Google Chrome before 9.0.597.107 does not properly     render tables, which allows remote attackers to cause a     denial of service or possibly have unspecified other     impact via unknown vectors that lead to a 'stale     pointer'.

  - CVE-2011-1121     Integer overflow in Google Chrome before 9.0.597.107     allows remote attackers to cause a denial of service or     possibly have unspecified other impact via vectors     involving a TEXTAREA element.

  - CVE-2011-1122     The WebGL implementation in Google Chrome before     9.0.597.107 allows remote attackers to cause a denial of     service (out-of-bounds read) via unspecified vectors,     aka Issue 71960.

  - In addition, this upload fixes the following issues     (they don't have a CVE id yet) :

    - Out-of-bounds read in text searching. [69640]
    - Memory corruption in SVG fonts. [72134]

    - Memory corruption with counter nodes. [69628]

    - Stale node in box layout. [70027]

    - Cross-origin error message leak with workers. [70336]

    - Stale pointer in table painting. [72028]

    - Stale pointer with SVG cursors. [73746]

Versions of Google Chrome earlier than 9.0.597.107 are potentially affected by multiple vulnerabilities :

  - An unspecified error exists in the URL bar operations which can allow spoofing attacks. (54262)

  - An unspecified error exists in the processing of JavaScript dialogs. (63732)

  - An unspecified error exists in the processing of CSS nodes which can leave stale pointers in memory. (68263)

  - An unspecified error exists in the processing of key frame rules which can leave stale pointers in memory. (68741)

  - An unspecified error exists in the processing of form controls which can lead to application crashes. (70078)

  - An unspecified error exists in the rendering of SVG animations and other SVG content which can leave stale pointers in memory. (70244, 71296)

  - An unspecified error exists in the processing of tables which can leave stale nodes behind. (71114)

  - An unspecified error exists in the processing of tables which can leave stale pointers in memory. (71115)

  - An unspecified error exists in the processing of XHTML which can leave stale nodes behind. (71386)

  - An unspecified error exists in the processing of textarea elements which can lead to application crashes. (71388)

  - An unspecified error exists in the processing of device orientation which can leave stale pointers in memory. (71595)

  - An unspecified error exists in WebGL which allows out-of-bounds memory accesses. (71717, 71960)

  - An integer overflow exists in the processing of textarea elements which can lead to application crashes. (71855)

  - A use-after-free error exists in the processing of blocked plugins. (72437)

  - An unspecified error exists int he processing of layouts which can leave stale pointers in memory. (73235)

The version of Google Chrome installed on the remote host is earlier than 9.0.597.107.  Such versions are reportedly affected by multiple vulnerabilities :

  - An unspecified error exists in the URL bar operations     which can allow spoofing attacks. (Issue #54262)

  - An unspecified error exists in the processing of     JavaScript dialogs. (Issue #63732)

  - An unspecified error exists in the processing of CSS     nodes which can leave stale pointers in memory.
    (Issue #68263)

  - An unspecified error exists in the processing of key     frame rules which can leave stale pointers in memory.
    (Issue #68741)

  - An unspecified error exists in the processing of form     controls which can lead to application crashes.
    (Issue #70078)

  - An unspecified error exists in the rendering of SVG     animations and other SVG content which can leave stale     pointers in memory. (Issue #70244, #71296)

  - An unspecified error exists in the processing of tables     which can leave stale nodes behind. (Issue #71114)

  - An unspecified error exists in the processing of tables     which can leave stale pointers in memory. (Issue #71115)

  - An unspecified error exists in the processing of XHTML     which can leave stale nodes behind. (Issue #71386)

  - An unspecified error exists in the processing of     textarea elements which can lead to application     crashes. (Issue #71388)

  - An unspecified error exists in the processing of device     orientation which can leave stale pointers in memory.
    (Issue #71595)

  - An unspecified error exists in WebGL which allows     out-of-bounds memory accesses. (Issue #71717, #71960)

  - An integer overflow exists in the processing of     textarea elements which can lead to application     crashes. (Issue #71855)

  - An unspecified error exists which exposes internal     extension functions. (Issue #72214)

  - A use-after-free error exists in the processing of     blocked plugins. (Issue #72437)

  - An unspecified error exists in the processing of     layouts which can leave stale pointers in memory.
    (Issue #73235)

ID	Name	Product	Family	Severity
60026	Apple iOS < 5.0 Multiple Vulnerabilities (BEAST)	Nessus	Mobile Devices	critical
56470	Apple iTunes < 10.5 Multiple Vulnerabilities (uncredentialed check)	Nessus	Peer-To-Peer File Sharing	high
56469	Apple iTunes < 10.5 Multiple Vulnerabilities (credentialed check)	Nessus	Windows	high
6041	Apple iOS < 5.0 Multiple Vulnerabilities	Nessus Network Monitor	Mobile Devices	high
6037	iTunes < 10.5 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
55639	Safari < 5.1 Multiple Vulnerabilities	Nessus	Windows	high
55638	Mac OS X : Apple Safari < 5.1 / 5.0.6	Nessus	MacOS X Local Security Checks	high
800988	Safari < 5.1 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
5992	Safari < 5.1 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
52621	Debian DSA-2189-1 : chromium-browser - several vulnerabilities	Nessus	Debian Local Security Checks	high
800958	Google Chrome < 9.0.597.107 Multiple Vulnerabilities	Log Correlation Engine	Web Clients	high
52501	Google Chrome < 9.0.597.107 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2011-1115

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins