CVE-2011-1290

HIGH

Description

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

References

http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html

http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html

http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html

http://osvdb.org/71182

http://secunia.com/advisories/43735

http://secunia.com/advisories/43748

http://secunia.com/advisories/43782

http://secunia.com/advisories/44151

http://secunia.com/advisories/44154

http://support.apple.com/kb/HT4596

http://support.apple.com/kb/HT4607

http://www.blackberry.com/btsc/KB26132

http://www.debian.org/security/2011/dsa-2192

http://www.securityfocus.com/archive/1/517513/100/0/threaded

http://www.securityfocus.com/bid/46849

http://www.securitytracker.com/id?1025212

http://www.vupen.com/english/advisories/2011/0645

http://www.vupen.com/english/advisories/2011/0654

http://www.vupen.com/english/advisories/2011/0671

http://www.vupen.com/english/advisories/2011/0984

http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

http://www.zerodayinitiative.com/advisories/ZDI-11-104

https://exchange.xforce.ibmcloud.com/vulnerabilities/66052

Details

Source: MITRE

Published: 2011-03-11

Updated: 2018-10-09

Type: CWE-189

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
64202SuSE 11.2 Security Update : libwebkit (SAT Patch Number 7114)NessusSuSE Local Security Checks
critical
5894iTunes < 10.2.2 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
53489Apple iTunes < 10.2.2 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
high
53488Apple iTunes < 10.2.2 Multiple (credentialed check)NessusWindows
high
5889Apple iOS 4.2.5 and 4.2.6 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
5888Apple iOS < 4.3.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
53411Safari < 5.0.5 Multiple VulnerabilitiesNessusWindows
high
53410Mac OS X : Apple Safari < 5.0.5NessusMacOS X Local Security Checks
high
52674Debian DSA-2192-1 : chromium-browser - several vulnerabilitiesNessusDebian Local Security Checks
critical
800907Google Chrome < 10.0.648.133 Code Execution VulnerabilityLog Correlation EngineWeb Clients
high
5818Google Chrome < 10.0.648.133 Code ExecutionNessus Network MonitorWeb Clients
high
52657Google Chrome < 10.0.648.133 Code ExecutionNessusWindows
high
801002Safari < 5.0.5 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
5890Safari < 5.0.5 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
51069FreeBSD : chromium -- multiple vulnerabilities (6887828f-0229-11e0-b84d-00262d5ed8ee)NessusFreeBSD Local Security Checks
critical