Vulnerability Details : CVE-2011-0132
Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2011-0132
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.7.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:5.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.4.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:5.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.7:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.4:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.4.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.4.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.4.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.3.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.6:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.6.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.5:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.6.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:6.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.3.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.8.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:5.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.1.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.6.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.7.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.3.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.2.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.4.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.7.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.7.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.7.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:4.9.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:7.5.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.2.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.0.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:8.0.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.0.3:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.2:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:9.2.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:10.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:10.1.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:10.0:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:itunes:10.0.1:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
- cpe:2.3:a:apple:webkit:*:*:*:*:*:*:*:*When used together with: Microsoft » Windows Vista
Exploit prediction scoring system (EPSS) score for CVE-2011-0132
3.40%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-0132
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2011-0132
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-0132
-
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Apple - Lists.apple.com
-
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Apple - Lists.apple.comPatch;Vendor Advisory
-
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
Apple - Lists.apple.com
-
http://www.zerodayinitiative.com/advisories/ZDI-11-098
ZDI-11-098 | Zero Day Initiative
-
http://support.apple.com/kb/HT4566
We're sorry.
-
http://support.apple.com/kb/HT4554
About the security content of iTunes 10.2 - Apple SupportVendor Advisory
-
http://support.apple.com/kb/HT4564
About the security content of iOS 4.3 - Apple Support
Jump to