Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-0154

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2011-0154
Last Modified 02 Nov 2013 11:08:51
Published 03 Mar 2011 03:00:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2011-0154

Summary

WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Vulnerable Systems

Operating System

  • Apple Iphone Os

Application

  • Apple Itunes 10.0

  • Apple Itunes 10.0.1

  • Apple Itunes 10.1

  • Apple Itunes 10.1.1

  • Apple Itunes 10.1.2

  • Apple Itunes 4.0.0

  • Apple Itunes 4.0.1

  • Apple Itunes 4.1.0

  • Apple Itunes 4.2.0

  • Apple Itunes 4.5

  • Apple Itunes 4.5.0

  • Apple Itunes 4.6

  • Apple Itunes 4.6.0

  • Apple Itunes 4.7

  • Apple Itunes 4.7.0

  • Apple Itunes 4.7.1

  • Apple Itunes 4.7.2

  • Apple Itunes 4.8.0

  • Apple Itunes 4.9.0

  • Apple Itunes 5.0

  • Apple Itunes 5.0.0

  • Apple Itunes 5.0.1

  • Apple Itunes 6.0.0

  • Apple Itunes 6.0.1

  • Apple Itunes 6.0.2

  • Apple Itunes 6.0.3

  • Apple Itunes 6.0.4

  • Apple Itunes 6.0.4.2

  • Apple Itunes 6.0.5

  • Apple Itunes 7.0.0

  • Apple Itunes 7.0.1

  • Apple Itunes 7.0.2

  • Apple Itunes 7.1.0

  • Apple Itunes 7.1.1

  • Apple Itunes 7.2.0

  • Apple Itunes 7.3.0

  • Apple Itunes 7.3.1

  • Apple Itunes 7.3.2

  • Apple Itunes 7.4

  • Apple Itunes 7.4.0

  • Apple Itunes 7.4.1

  • Apple Itunes 7.4.2

  • Apple Itunes 7.4.3

  • Apple Itunes 7.5

  • Apple Itunes 7.5.0

  • Apple Itunes 7.6

  • Apple Itunes 7.6.0

  • Apple Itunes 7.6.1

  • Apple Itunes 7.6.2

  • Apple Itunes 7.7

  • Apple Itunes 7.7.0

  • Apple Itunes 7.7.1

  • Apple Itunes 8.0.0

  • Apple Itunes 8.0.1

  • Apple Itunes 8.0.2

  • Apple Itunes 8.1

  • Apple Itunes 8.1.1

  • Apple Itunes 8.2

  • Apple Itunes 8.2.1

  • Apple Itunes 9.0.0

  • Apple Itunes 9.0.1

  • Apple Itunes 9.0.2

  • Apple Itunes 9.0.3

  • Apple Itunes 9.2

  • Apple Itunes 9.2.1

  • Apple Webkit


References

APPLE - APPLE-SA-2011-03-02-1

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-101

CONFIRM - http://support.apple.com/kb/HT4566

CONFIRM - http://support.apple.com/kb/HT4564

CONFIRM - http://support.apple.com/kb/HT4554

APPLE - APPLE-SA-2011-03-09-2

APPLE - APPLE-SA-2011-03-09-1

Related Patches

Apple 2011-03-09 Safari Update 5.0.4 (Snow Leopard)

Apple 2011-03-09 Safari Update 5.0.4 (Leopard)


Last Updated: 27 May 2016 10:42:31