CVE-2011-0133 – Apple Webkit Font Glyph Layout Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0133
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly access glyph data during layout actions for floating blocks associated with pseudo-elements, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, no accede correctamente a los datos glifo durante las acciones de diseño para los bloques flotantes asociadas a los pseudo-elementos, lo que permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y caída de la aplicación)a través de vectores relacionados con la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the application handles floating blocks in certain situations. When performing layout operations for a floating block produced by a pseudo-element, the application will attempt to access glyph data that hasn't been fully assigned into the glyph data hashmap. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-099 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17072 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0115 – Apple Safari WebKit Range Object Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0115
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. El nivel 2 de DOM en su implementación en WebKit, utilizado en el iTunes de Apple anterior a la v10.2 en Windows y Apple Safari, no controla correctamente las manipulaciones DOM asociadas con a los eventos de escucha durante el procesamiento de un rango de objetos, lo que permite a los atacantes de hombre en medio (man-in-the-middle) ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores relacionados con la navegación por la iTunes Store, una vulnerabilidad diferente de otros CVEs listados en APPLE-SA-2011-03-02-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari's WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how WebKit processes a range object as defined with the DOM level 2 specification. When processing the contents of a range, WebKit will fail to accommodate for manipulation of the DOM due to an event listener. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-096 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0149 – Apple Webkit Root HTMLBRElement Style Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0149
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows, no implementa correctamente el análisis de elementos HTML asociados con los nombres de espacio de documentos, lo que permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación)a través de vectores relacionados con un "dangling pointer" y la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses a specially formatted HTML file. When parsing a particular element that also defines the namespace of the document, the library will call a dangling pointer which is consistent but unmapped. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-100 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17241 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0154 – Apple iPhone Webkit Library Javascript Array sort Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0154
WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit, tal como se utiliza en el iTunes de Apple antes de v10.2 para Windows y Apple OS, no implementa correctamente la función .sort para matrices de JavaScript, lo que permite a los atacantes "man-in-the-middle" ejecutar código de su elección o causar una denegación de servicio (corrupción de memoria y bloqueo de la aplicación)a través de vectores relacionados con la navegación de la tienda iTunes, una vulnerabilidad diferente a los CVE listados en APPLE-SA-2011-03-02-1. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's iPhone Webkit library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the library implements the .sort function for an array. The library will trust the implementation of a particular method which when executed can be used to manipulate elements out from underneath it. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-101 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17308 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2011-0116 – Apple Webkit setOuterText Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0116
Use-after-free vulnerability in the setOuterText method in the htmlelement library in WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to DOM manipulations during iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. Vulnerabilidad usar después de usar (use-after-free) en el método setOuterText en la librería htmlelement en WebKit, tal como se utiliza en el iTunes de Apple anterior a v10.2 en Windows, permitiendo a atacantes de hombre en medio (man-in-the-middle) ejecutar código arbitrario o causar una denegación de servicio ( orrupción de memoria y caída de la aplicación) a través de vectores relacionados con manipulaciones DOM durante la navegación por la iTunes Store, una vulnerabilidad diferente de otros CVEs listados en APPLE-SA-2011-03-02-1 This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the setOuterText method of the Webkit htmlelement library. Due to a failure to properly track DOM manipulations made within the browser, it is possible to make use of a previously freed pointer and facilitate remote code execution under the context of the user running the browser process. • http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://support.apple.com/kb/HT4554 http://support.apple.com/kb/HT4564 http://support.apple.com/kb/HT4566 http://www.zerodayinitiative.com/advisories/ZDI-11-097 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17220 • CWE-399: Resource Management Errors •