CVE-2011-0115
Apple iTunes < 10.2 - Remote Code Execution via WebKit DOM Range Handling
Title source: llmDescription
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
References (7)
Core 7
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-096
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4554
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Scores
EPSS
0.0318
EPSS Percentile
86.6%
Details
CWE
CWE-119
Status
published
Products (50)
apple/itunes
4.0.0
apple/itunes
4.0.1
apple/itunes
4.1.0
apple/itunes
4.2.0
apple/itunes
4.5
apple/itunes
4.5.0
apple/itunes
4.6
apple/itunes
4.6.0
apple/itunes
4.7
apple/itunes
4.7.0
... and 40 more
Published
Mar 03, 2011
Tracked Since
Feb 18, 2026