Signature Detail
Short Name |
HTTP:STC:SAFARI:INNERHTML-MC |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apple Safari WebKit innerHTML Double Free Memory Corruption |
Release Date |
2011/08/03 |
Update Number |
1966 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Apple Safari WebKit innerHTML Double Free Memory Corruption
This signature detects attempts to exploit a known vulnerability in the Apple Safari WebKit innerHTML. Successful attacks can allow an attacker to run their code of choice on the target system.
Extended Description
WebKit is prone to a remote code-execution vulnerability due to memory corruption. Attackers can exploit this issue by enticing an unsuspecting user to visit a malicious webpage. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Affected Products
- Apple iOS 4
- Apple iOS 4.0.1
- Apple iOS 4.0.2
- Apple iOS 4.1
- Apple iOS 4.2
- Apple iOS 4.2.1
- Apple iOS 4.2.10
- Apple iOS 4.2.5
- Apple iOS 4.2.6
- Apple iOS 4.2.7
- Apple iOS 4.2.8
- Apple iOS 4.2.9
- Apple iOS 4.2 beta
- Apple iOS 4.3
- Apple iOS 4.3.1
- Apple iOS 4.3.2
- Apple iOS 4.3.3
- Apple iOS 4.3.4
- Apple iOS 4.3.5
- Apple iPad
- Apple iPhone
- Apple iPod Touch
- Apple iTunes 10
- Apple iTunes 10.1
- Apple iTunes 10.2
- Apple iTunes 10.2.2
- Apple iTunes 8.0
- Apple iTunes 8.0.0
- Apple iTunes 8.0.0 - Windows
- Apple iTunes 8.0.1
- Apple iTunes 8.0.2.20
- Apple iTunes 8.1
- Apple iTunes 8.2
- Apple iTunes 9.0.0
- Apple iTunes 9.0.1
- Apple iTunes 9.0.1.8
- Apple iTunes 9.0.2
- Apple iTunes 9.1
- Apple iTunes 9.2
- Apple iTunes 9.2.1
- Apple iTunes
- Apple Safari 4
- Apple Safari 4.0.1
- Apple Safari 4.0.2
- Apple Safari 4.0.2 For Windows
- Apple Safari 4.0.3
- Apple Safari 4.0.3 For Windows
- Apple Safari 4.0.4
- Apple Safari 4.0.4 For Windows
- Apple Safari 4.0.5
- Apple Safari 4.0.5 For Windows
- Apple Safari 4.1
- Apple Safari 4 Beta
- Apple Safari 4 For Windows
- Apple Safari 5.0
- Apple Safari 5.0.1
- Apple Safari 5.0.1 for Windows
- Apple Safari 5.0.2
- Apple Safari 5.0.2 for Windows
- Apple Safari 5.0.3
- Apple Safari 5.0.3 for Windows
- Apple Safari 5.0.4
- Apple Safari 5.0.4 for Windows
- Apple Safari 5.0.5
- Apple Safari 5.0.5 for Windows
- Apple Safari 5.0 For Windows
- WebKit Open Source Project WebKit 1.2.2
- WebKit Open Source Project WebKit 1.2.2-1
- WebKit Open Source Project WebKit 1.2.3
- WebKit Open Source Project WebKit 1.2.5
- WebKit Open Source Project WebKit 1.2.X
- WebKit Open Source Project WebKit R38566
- WebKit Open Source Project WebKit R51295
- WebKit Open Source Project WebKit R52401
- WebKit Open Source Project WebKit R52833
- WebKit Open Source Project WebKit r77705
- WebKit Open Source Project WebKit r82222
- WebKit Open Source Project WebKit
References
- BugTraq: 48844
- CVE: CVE-2011-0221