← Back to CVEs
CVE-2011-0149
N/ADescription
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVE Details
CVSS v3.1 ScoreN/A
Published3/3/2011
Last Modified4/29/2026
Sourcenvd
Honeypot Sightings0
Affected Products
apple:itunesapple:webkitmicrosoft:windowsmicrosoft:windows_7microsoft:windows_vistamicrosoft:windows_xp
Weaknesses (CWE)
CWE-119
References
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html(product-security@apple.com)
http://support.apple.com/kb/HT4554(product-security@apple.com)
http://support.apple.com/kb/HT4564(product-security@apple.com)
http://support.apple.com/kb/HT4566(product-security@apple.com)
http://www.zerodayinitiative.com/advisories/ZDI-11-100(product-security@apple.com)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17241(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4554(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4564(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4566(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-11-100(af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17241(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.