CVE-2011-1290

Current Description

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

Basic Data

PublishedMarch 11, 2011
Last ModifiedOctober 09, 2018
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-189
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3ApplicationAppleWebkit********
      2.3ApplicationRimBlackberry Torch 9800 Firmware6.0.0.246*******
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareRimBlackberry Torch 9800********

Vulnerable Software List

VendorProductVersions
Apple Webkit *
Rim Blackberry Torch 9800 Firmware 6.0.0.246
Rim Blackberry Torch 9800 *

References

NameSourceURLTags
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011MISC
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.htmlhttp://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.htmlCONFIRM
APPLE-SA-2011-04-14-1http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.htmlAPPLE
APPLE-SA-2011-04-14-2http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.htmlAPPLE
APPLE-SA-2011-04-14-3http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.htmlAPPLE
71182http://osvdb.org/71182OSVDB
43735http://secunia.com/advisories/43735SECUNIAVendor Advisory
43748http://secunia.com/advisories/43748SECUNIAVendor Advisory
43782http://secunia.com/advisories/43782SECUNIAVendor Advisory
44151http://secunia.com/advisories/44151SECUNIAVendor Advisory
44154http://secunia.com/advisories/44154SECUNIAVendor Advisory
http://support.apple.com/kb/HT4596http://support.apple.com/kb/HT4596CONFIRM
http://support.apple.com/kb/HT4607http://support.apple.com/kb/HT4607CONFIRM
http://www.blackberry.com/btsc/KB26132http://www.blackberry.com/btsc/KB26132CONFIRM
DSA-2192http://www.debian.org/security/2011/dsa-2192DEBIAN
20110414 ZDI-11-104: (Pwn2Own) Webkit CSS Text Element Count Remote Code Execution Vulnerabilityhttp://www.securityfocus.com/archive/1/517513/100/0/threadedBUGTRAQ
46849http://www.securityfocus.com/bid/46849BID
1025212http://www.securitytracker.com/id?1025212SECTRACK
ADV-2011-0645http://www.vupen.com/english/advisories/2011/0645VUPENVendor Advisory
ADV-2011-0654http://www.vupen.com/english/advisories/2011/0654VUPENVendor Advisory
ADV-2011-0671http://www.vupen.com/english/advisories/2011/0671VUPEN
ADV-2011-0984http://www.vupen.com/english/advisories/2011/0984VUPENVendor Advisory
http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401MISC
http://www.zerodayinitiative.com/advisories/ZDI-11-104http://www.zerodayinitiative.com/advisories/ZDI-11-104MISC
google-webkit-style-code-execution(66052)https://exchange.xforce.ibmcloud.com/vulnerabilities/66052XF