CVE-2011-0115

Apple iTunes < 10.2 - Remote Code Execution via WebKit DOM Range Handling

Title source: llm
STIX 2.1

Description

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

References (7)

Core 7
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-11-096
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4564
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4566
Patch, Vendor Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT4554
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Scores

EPSS 0.0318
EPSS Percentile 86.6%

Details

CWE
CWE-119
Status published
Products (50)
apple/itunes 4.0.0
apple/itunes 4.0.1
apple/itunes 4.1.0
apple/itunes 4.2.0
apple/itunes 4.5
apple/itunes 4.5.0
apple/itunes 4.6
apple/itunes 4.6.0
apple/itunes 4.7
apple/itunes 4.7.0
... and 40 more
Published Mar 03, 2011
Tracked Since Feb 18, 2026