CVE-2011-0154

WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html	Vendor Advisory Mailing List
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html	Vendor Advisory Mailing List
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html	Patch Vendor Advisory Mailing List
http://support.apple.com/kb/HT4554	Vendor Advisory
http://support.apple.com/kb/HT4564	Vendor Advisory
http://support.apple.com/kb/HT4566	Vendor Advisory Broken Link
http://www.zerodayinitiative.com/advisories/ZDI-11-101	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17308	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

History

23 Jun 2021, 14:31

Type	Values Removed	Values Added
CVSS	v2 : ~~7.6~~ v3 : ~~unknown~~	v2 : 5.1 v3 : unknown
References	~~(APPLE) http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html - Vendor Advisory~~	(APPLE) http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html - Vendor Advisory, Mailing List
References	~~(APPLE) http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html - Patch, Vendor Advisory~~	(APPLE) http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html - Patch, Vendor Advisory, Mailing List
References	~~(CONFIRM) http://support.apple.com/kb/HT4566 - Vendor Advisory~~	(CONFIRM) http://support.apple.com/kb/HT4566 - Vendor Advisory, Broken Link
References	~~(APPLE) http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html - Vendor Advisory~~	(APPLE) http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html - Vendor Advisory, Mailing List
References	~~(MISC) http://www.zerodayinitiative.com/advisories/ZDI-11-101 -~~	(MISC) http://www.zerodayinitiative.com/advisories/ZDI-11-101 - Third Party Advisory, VDB Entry
References	~~(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17308 -~~	(OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17308 - Third Party Advisory
CPE	cpe:2.3:a:apple:itunes:6.0.5:::::::* cpe:2.3:a:apple:itunes:10.1:::::::* cpe:2.3:a:apple:itunes:9.0.3:::::::* cpe:2.3:a:apple:itunes:7.3.2:::::::* cpe:2.3:a:apple:itunes:9.0.2:::::::* cpe:2.3:a:apple:itunes:9.0.0:::::::* cpe:2.3:a:apple:itunes:7.6.0:::::::* cpe:2.3:a:apple:itunes:9.2:::::::* cpe:2.3:a:apple:itunes:8.1.1:::::::* cpe:2.3:a:apple:itunes:7.1.0:::::::* cpe:2.3:a:apple:itunes:8.0.2:::::::* cpe:2.3:a:apple:itunes:7.0.1:::::::* cpe:2.3:a:apple:itunes:4.1.0:::::::* cpe:2.3:a:apple:itunes:4.9.0:::::::* cpe:2.3:a:apple:itunes:8.0.1:::::::* cpe:2.3:a:apple:itunes:4.6.0:::::::* cpe:2.3:a:apple:itunes:10.1.1:::::::* cpe:2.3:a:apple:itunes:6.0.4:::::::* cpe:2.3:o:microsoft:windows:::::::: cpe:2.3:a:apple:itunes:6.0.0:::::::* cpe:2.3:a:apple:itunes:7.6:::::::* cpe:2.3:a:apple:itunes:8.2:::::::* cpe:2.3:a:apple:itunes:4.8.0:::::::* cpe:2.3:a:apple:itunes:5.0.1:::::::* cpe:2.3:a:apple:itunes:10.0:::::::* cpe:2.3:a:apple:itunes:6.0.2:::::::* cpe:2.3:a:apple:itunes:4.0.1:::::::* cpe:2.3:a:apple:itunes:7.4.1:::::::* cpe:2.3:a:apple:itunes:5.0:::::::* cpe:2.3:a:apple:itunes:7.4.3:::::::* cpe:2.3:a:apple:itunes:4.5:::::::* cpe:2.3:a:apple:itunes:9.2.1:::::::* cpe:2.3:a:apple:itunes:4.5.0:::::::* cpe:2.3:a:apple:itunes:7.3.0:::::::* cpe:2.3:a:apple:itunes:8.0.0:::::::* cpe:2.3:a:apple:itunes:7.7:::::::* cpe:2.3:a:apple:itunes:4.2.0:::::::* cpe:2.3:a:apple:itunes:4.7.0:::::::* cpe:2.3:a:apple:itunes:4.7:::::::* cpe:2.3:a:apple:itunes:8.1:::::::* cpe:2.3:a:apple:itunes:9.0.1:::::::* cpe:2.3:a:apple:itunes:7.1.1:::::::* cpe:2.3:a:apple:itunes:7.5:::::::* cpe:2.3:a:apple:itunes:8.2.1:::::::* cpe:2.3:a:apple:itunes:7.0.2:::::::* cpe:2.3:a:apple:itunes:6.0.1:::::::* cpe:2.3:a:apple:itunes:7.5.0:::::::* cpe:2.3:a:apple:itunes:7.6.1:::::::* cpe:2.3:a:apple:itunes:4.7.1:::::::* cpe:2.3:a:apple:itunes:7.7.0:::::::* cpe:2.3:a:apple:itunes:7.2.0:::::::* cpe:2.3:a:apple:itunes:7.7.1:::::::* cpe:2.3:a:apple:itunes:4.6:::::::* cpe:2.3:a:apple:itunes:7.4.2:::::::* cpe:2.3:a:apple:itunes:7.4.0:::::::* cpe:2.3:a:apple:itunes:10.0.1:::::::* cpe:2.3:a:apple:itunes:7.3.1:::::::* cpe:2.3:a:apple:itunes:4.0.0:::::::* cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:a:apple:itunes:6.0.4.2:::::::* cpe:2.3:a:apple:itunes:6.0.3:::::::* cpe:2.3:a:apple:itunes:4.7.2:::::::* cpe:2.3:a:apple:itunes:7.6.2:::::::* cpe:2.3:a:apple:itunes:7.0.0:::::::* cpe:2.3:a:apple:itunes:7.4:::::::* cpe:2.3:a:apple:itunes:5.0.0:::::::*	cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:o:apple:iphone_os:-:::::::*

Information

Published : 2011-03-03 20:00

Updated : 2024-02-04 17:54

NVD link : CVE-2011-0154

Mitre link : CVE-2011-0154

CVE.ORG link : CVE-2011-0154

JSON object : View

Products Affected

microsoft

windows

apple

iphone_os
itunes

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

5.1 /10