CVE-2011-1344

Current Description

Use-after-free vulnerability in WebKit, as used in Apple Safari before 5.0.5; iOS before 4.3.2 for iPhone, iPod, and iPad; iOS before 4.2.7 for iPhone 4 (CDMA); and possibly other products allows remote attackers to execute arbitrary code by adding children to a WBR tag and then removing the tag, related to text nodes, as demonstrated by Chaouki Bekrar during a Pwn2Own competition at CanSecWest 2011.

Basic Data

Published: March 10, 2011
Last Modified: October 09, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.8
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
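    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Apple | Safari | 1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0 | beta | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.0b1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.0b2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.3 | 85.8 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.0.3 | 85.8.1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.2.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3.2 | 312.5 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 1.3.2 | 312.6 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.3 | 417.8 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.3 | 417.9 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.3 | 417.9.2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.3 | 417.9.3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 2.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.0b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.1b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.2b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.3b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.0.4b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.1.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.1.0b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 3.2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0 | beta | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.0b | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.0.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 4.1.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 5.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | 5.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Apple | Safari | * | * | * | * | * | * | * | * | | 5.0.4 | | |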
  • AND
    • OR - Configuration 2
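      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Apple | Iphone Os | 1.0.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.4 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.5 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2.5 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2.8 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.3.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | * | * | * | * | * | * | * | * | | 4.3.1 | | |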
    • OR Running on/with:
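      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Hardware | Apple | Ipad | * | * | * | * | * | * | * | * | | | | |
      | 2.3 | Hardware | Apple | Iphone | * | * | * | * | * | * | * | * | | | | |
      | 2.3 | Hardware | Apple | Ipod Touch | * | * | * | * | * | * | * | * | | | | |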
  • AND
    • OR - Configuration 3
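      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | OS | Apple | Iphone Os | 1.0.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.4 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 1.1.5 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.1.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 2.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.1.3 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 3.2.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.0.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | 4.2.1 | * | * | * | * | * | * | * | | | | |
      | 2.3 | OS | Apple | Iphone Os | * | * | * | * | * | * | * | * | | 4.2.5 | | |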
    • OR Running on/with:
      | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
      | 2.3 | Hardware | Apple | Iphone | 4 | * | * | * | * | * | * | * | | | | |

Vulnerable Software List

| Vendor | Product | Versions |
| Apple | Iphone Os | *, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.1.4, 1.1.5, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.1, 2.1.1, 2.2, 2.2.1, 3.0, 3.0.1, 3.1, 3.1.2, 3.1.3, 3.2, 3.2.1, 3.2.2, 4.0, 4.0.1, 4.0.2, 4.1, 4.2, 4.2.1, 4.2.5, 4.2.8, 4.3.0 |
| Apple | Safari | *, 1.0, 1.0.0, 1.0.0b1, 1.0.0b2, 1.0.1, 1.0.2, 1.0.3, 1.1, 1.1.0, 1.1.1, 1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5, 1.3, 1.3.0, 1.3.1, 1.3.2, 2, 2.0, 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3, 3.0, 3.0.0, 3.0.0b, 3.0.1, 3.0.1b, 3.0.2, 3.0.2b, 3.0.3, 3.0.3b, 3.0.4, 3.0.4b, 3.1.0, 3.1.0b, 3.1.1, 3.1.2, 3.2.0, 3.2.1, 3.2.2, 4.0, 4.0.0b, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1, 4.1.1, 4.1.2, 5.0, 5.0.1, 5.0.2 |

References

| Name | Source | URL | Tags |
| http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 | MISC | http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 | |
| APPLE-SA-2011-04-14-1 | APPLE | http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html | |
| APPLE-SA-2011-04-14-2 | APPLE | http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html | |
| APPLE-SA-2011-04-14-3 | APPLE | http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html | |
| 44151 | SECUNIA | http://secunia.com/advisories/44151 | |
| 44154 | SECUNIA | http://secunia.com/advisories/44154 | |
| http://support.apple.com/kb/HT4596 | CONFIRM | http://support.apple.com/kb/HT4596 | |
| http://support.apple.com/kb/HT4607 | CONFIRM | http://support.apple.com/kb/HT4607 | |
| http://twitter.com/aaronportnoy/statuses/45632544967901187 | MISC | http://twitter.com/aaronportnoy/statuses/45632544967901187 | |
| http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own | MISC | http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own | |
| 20110414 ZDI-11-135: (Pwn2Own) WebKit WBR Tag Removal Remote Code Execution Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/517505/100/0/threaded | |
| 20110415 VUPEN Security Research - Apple Safari Text Nodes Remote Use-after-free Vulnerability (CVE-2011-1344) | BUGTRAQ | http://www.securityfocus.com/archive/1/517517/100/0/threaded | |
| 46822 | BID | http://www.securityfocus.com/bid/46822 | |
| 1025363 | SECTRACK | http://www.securitytracker.com/id?1025363 | |
| ADV-2011-0984 | VUPEN | http://www.vupen.com/english/advisories/2011/0984 | |
| http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358 | MISC | http://www.zdnet.com/blog/security/safarimacbook-first-to-fall-at-pwn2own-2011/8358 | |
| http://www.zerodayinitiative.com/advisories/ZDI-11-135 | MISC | http://www.zerodayinitiative.com/advisories/ZDI-11-135 | |
| safari-webkit-unspec-code-exec(66061) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/66061 | |