← Voltar para CVEs
CVE-2011-0115
N/ADescricao
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado3/3/2011
Ultima modificacao4/29/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
apple:itunesapple:safariapple:webkitmicrosoft:windowsmicrosoft:windows_7microsoft:windows_vistamicrosoft:windows_xp
Fraquezas (CWE)
CWE-119
Referencias
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html(product-security@apple.com)
http://support.apple.com/kb/HT4554(product-security@apple.com)
http://support.apple.com/kb/HT4564(product-security@apple.com)
http://support.apple.com/kb/HT4566(product-security@apple.com)
http://www.zerodayinitiative.com/advisories/ZDI-11-096(product-security@apple.com)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4554(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4564(af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4566(af854a3a-2127-422b-91ae-364da2661108)
http://www.zerodayinitiative.com/advisories/ZDI-11-096(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.