QwikSec

Security Database

CVE

CWE

Training

CVE-2011-0115

Published: Mar 3, 2011

Modified: Aug 6, 2024

PUBLISHED

Description

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.zerodayinitiative.com/advisories/ZDI-11-096

x_refsource_MISC

http://support.apple.com/kb/HT4564

x_refsource_CONFIRM

http://support.apple.com/kb/HT4566

x_refsource_CONFIRM

APPLE-SA-2011-03-02-1

vendor-advisory

x_refsource_APPLE

APPLE-SA-2011-03-09-1

vendor-advisory

x_refsource_APPLE

http://support.apple.com/kb/HT4554

x_refsource_CONFIRM

APPLE-SA-2011-03-09-2

vendor-advisory

x_refsource_APPLE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.