CVE-2014-1300
(Pwn2Own\Pwn4Fun) Apple Webkit JSStringJoiner Memory Corruption Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote attackers to execute arbitrary code with root privileges via unknown vectors, as demonstrated by Google during a Pwn4Fun competition at CanSecWest 2014.
Vulnerabilidad no especificada en Apple Safari 7.0.2 en OS X permite a atacantes remotos ejecutar código arbitrario con privilegios root a través de vectores desconocidos, como fue demostrado por Google durante una competición Pwn4Fun en CanSecWest 2014.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of string objects. The issue lies in the joining of strings in an array. An attacker can leverage this vulnerability to execute code under the context of the current process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-01-08 CVE Reserved
- 2014-03-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-10-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://twitter.com/thezdi/statuses/443796547872903168 | X_refsource_misc | |
| http://www.pwn2own.com/2014/03/pwn2own-results-for-wednesday-day-one | X_refsource_misc | |
| https://support.apple.com/kb/HT6537 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html | 2016-12-08 | |
| http://archives.neohapsis.com/archives/bugtraq/2014-04/0135.html | 2016-12-08 | |
| http://archives.neohapsis.com/archives/bugtraq/2014-04/0136.html | 2016-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 7.0.2 Search vendor "Apple" for product "Safari" and version "7.0.2" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | * | - |
Safe
|