WebKit Style Sheet Elements CVE-2011-2341 Remote Code Execution Vulnerability
BID:51032
Info
| Bugtraq ID: | 51032 |
| Class: | Design Error |
| CVE: | CVE-2011-2341 |
| Remote: | Yes |
| Local: | No |
| Published: | Oct 11 2011 12:00AM |
| Updated: | Oct 11 2011 12:00AM |
| Credit: | wushi of team509 |
| Vulnerable: | WebKit Open Source Project WebKit 1.2.5; WebKit Open Source Project WebKit 1.2.3; WebKit Open Source Project WebKit 1.2.2; WebKit Open Source Project WebKit r82222; WebKit Open Source Project WebKit r77705; WebKit Open Source Project WebKit r52833; WebKit Open Source Project WebKit r52401; WebKit Open Source Project WebKit r51295; WebKit Open Source Project WebKit r38566; WebKit Open Source Project WebKit 1.2.X; WebKit Open Source Project WebKit 1.2.2-1; WebKit Open Source Project WebKit 0; Apple Safari 5.0.6; Apple Safari 5.1 for Windows; Apple Safari 5.1; Apple Safari 5.0.6 for Windows; Apple Safari 5.0.5 for Windows; Apple Safari 5.0.5; Apple Safari 5.0.4 for Windows; Apple Safari 5.0.4; Apple Safari 5.0.3 for Windows; Apple Safari 5.0.3; Apple Safari 5.0.2 for Windows; Apple Safari 5.0.2; Apple Safari 5.0.1 for Windows; Apple Safari 5.0.1; Apple Safari 5.0 for Windows; Apple Safari 5.0; Apple iTunes 9.2.1; Apple iTunes 9.0.2; Apple iTunes 9.0.1 .8; Apple iTunes 9.0.1; Apple iTunes 9.0; Apple iTunes 9.2; Apple iTunes 9.1; Apple iTunes 8.2; Apple iTunes 8.1; Apple iTunes 8.0.2.20; Apple iTunes 8.0; Apple iTunes 10.2.2; Apple iTunes 10.2; Apple iTunes 10.1; Apple iTunes 10; Apple iPod Touch 0; Apple iPhone 0; Apple iPad 0; Apple iOS 4.2.1; Apple iOS 4.0.2; Apple iOS 4.0.1; Apple iOS 4.3.5; Apple iOS 4.3.4; Apple iOS 4.3.3; Apple iOS 4.3.2; Apple iOS 4.3.1; Apple iOS 4.3; Apple iOS 4.2.9; Apple iOS 4.2.8; Apple iOS 4.2.7; Apple iOS 4.2.6; Apple iOS 4.2.5; Apple iOS 4.2.10; Apple iOS 4.2 beta; Apple iOS 4.2; Apple iOS 4.1; Apple iOS 4 |
| Not Vulnerable: | Apple Safari 5.1.1 for Windows; Apple Safari 5.1.1; Apple iTunes 10.5; Apple iOS 5 |
Discussion
WebKit is prone to a remote code-execution vulnerability.
Attackers can exploit this issue by enticing an unsuspecting user to visit a crafted web page. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions.
NOTE: This issue was previously covered in BID 50066 (WebKit Multiple Unspecified Remote Code Execution Vulnerabilities) but has been given its own record to better document it.
Exploit / POC
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Apple iTunes 10.2
- Apple APPLE-SA-2011-10-11-1 iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
- Apple APPLE-SA-2011-10-11-1 iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/

Apple iTunes 10.1
- Apple APPLE-SA-2011-10-11-1 iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
- Apple APPLE-SA-2011-10-11-1 iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/

Apple iTunes 10.2.2
- Apple APPLE-SA-2011-10-11-1 iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
- Apple APPLE-SA-2011-10-11-1 iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/

Apple iTunes 10
- Apple APPLE-SA-2011-10-11-1 iTunes64Setup.exe
  For 64-bit Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/
- Apple APPLE-SA-2011-10-11-1 iTunesSetup.exe
  For Windows XP / Vista / Windows 7
  http://www.apple.com/itunes/download/

Apple Safari 5.1
- Apple Safari5.1.1Lion.dmg
  Safari for OS X Lion v10.7.2
  http://www.apple.com/safari/download/
- Apple Safari5.1.1SnowLeopard.dmg
  Safari for Mac OS X v10.6.8
  http://www.apple.com/safari/download/

Apple Safari 5.1 for Windows
- Apple APPLE-SA-2011-10-12-4 Safari_Setup.exe
  Safari for Windows 7, Vista or XP from the Microsoft Choice Screen
  http://www.apple.com/safari/download/
- Apple APPLE-SA-2011-10-12-4 SafariQuickTimeSetup.exe
  Safari+QuickTime for Windows 7, Vista or XP
  http://www.apple.com/safari/download/
- Apple APPLE-SA-2011-10-12-4 SafariSetup.exe
  Safari for Windows 7, Vista or XP
  http://www.apple.com/safari/download/
References
References:
- Apple Safari Homepage (Apple)
- Multiple Vendor WebKit XML Use-After-Free Vulnerability (iDefense)