CVE-2011-1290
Summary
| CVE | CVE-2011-1290 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-03-11 21:57:00 UTC |
| Updated | 2018-10-09 19:30:00 UTC |
| Description | Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. |
Risk And Classification
Problem Types: CWE-189
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apple | WebKit | All | All | All | All |
| Hardware | RIM | BlackBerry Torch 9800 | All | All | All | All |
| Application | RIM | BlackBerry Torch 9800 Firmware | 6.0.0.246 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| BlackBerry Device Software WebKit Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| APPLE-SA-2011-04-14-1 iOS 4.3.2 Software Update | APPLE | lists.apple.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | Vendor Advisory |
| About the security content of iOS 4.2.7 Software Update for iPhone | CONFIRM | support.apple.com | |
| WebKit Style Handling Memory Corruption Vulnerability | BID | www.securityfocus.com | |
| About the security content of Safari 5.0.5 | CONFIRM | support.apple.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Blackberry Device Software Bug in WebKit Lets Remote Users Execute Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Debian update for chromium-browser - Advisories - Community | SECUNIA | secunia.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| Pwn2Own 2011: BlackBerry falls to WebKit browser attack \| ZDNet | MISC | www.zdnet.com | |
| Google Chrome Nodesets Handling Integer Overflow Vulnerability - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Chrome Releases: Stable and Beta Channel Updates | CONFIRM | googlechromereleases.blogspot.com | |
| KB26132-Vulnerabilities in WebKit browser engine impact BlackBerry 6 | CONFIRM | www.blackberry.com | |
| 71182 | OSVDB | osvdb.org | |
| Debian -- Security Information -- DSA-2192-1 chromium-browser | DEBIAN | www.debian.org | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| APPLE-SA-2011-04-14-2 iOS 4.2.7 Software Update for iPhone | APPLE | lists.apple.com | |
| Apple Safari Two Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| APPLE-SA-2011-04-14-3 Safari 5.0.5 | APPLE | lists.apple.com | |
| Apple iOS for iPhone 4 (CDMA) Multiple Vulnerabilities - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Threat Intelligence \| Digital Vaccine® \| ThreatLinQ \| Trend Micro | MISC | dvlabs.tippingpoint.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.