Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 10.0
CVE Id CVE-2011-1290
Last Modified 11 Oct 2011 12:00:00
Published 11 Mar 2011 04:57:16
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1290

Summary

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

Vulnerable Systems

Application

  • Apple WebKit

  • RIM BlackBerry Torch 9800 Firmware 6.0.0.246


References

XF - google-webkit-style-code-execution(66052)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-11-104

MISC - http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401

VUPEN - ADV-2011-0984

VUPEN - ADV-2011-0671

VUPEN - ADV-2011-0654

VUPEN - ADV-2011-0645

SECTRACK - 1025212

BID - 46849

BUGTRAQ - 20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerability

DEBIAN - DSA-2192

CONFIRM - http://www.blackberry.com/btsc/KB26132

CONFIRM - http://support.apple.com/kb/HT4607

CONFIRM - http://support.apple.com/kb/HT4596

SECUNIA - 44154

SECUNIA - 44151

SECUNIA - 43782

SECUNIA - 43748

SECUNIA - 43735

OSVDB - 71182

APPLE - APPLE-SA-2011-04-14-3

APPLE - APPLE-SA-2011-04-14-2

APPLE - APPLE-SA-2011-04-14-1

CONFIRM - http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html

MISC - http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

Related Patches

Apple 2011-04-14 Safari Update 5.0.5 (Leopard)

Apple 2011-04-14 Safari Update 5.0.5 (Snow Leopard)

Novell SUSE 2012:7114 libwebkit security update for SLED 11 SP2 i586

Novell SUSE 2012:7114 libwebkit security update for SLED 11 SP2 x86_64


Last Updated: 27 May 2016 10:56:16