Vulnerability Description
WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to a "dangling pointer" and iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Itunes | <= 10.1.2 |
| Apple | Webkit | All versions |
| Microsoft | Windows | All versions |
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Vista | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4554Vendor Advisory
- http://support.apple.com/kb/HT4564
- http://support.apple.com/kb/HT4566
- http://www.zerodayinitiative.com/advisories/ZDI-11-100
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlPatchVendor Advisory
- http://support.apple.com/kb/HT4554Vendor Advisory
- http://support.apple.com/kb/HT4564
- http://support.apple.com/kb/HT4566
- http://www.zerodayinitiative.com/advisories/ZDI-11-100
FAQ
What is CVE-2011-0149?
CVE-2011-0149 is a vulnerability with a CVSS score of 7.6 (HIGH). WebKit, as used in Apple iTunes before 10.2 on Windows, does not properly parse HTML elements associated with document namespaces, which allows man-in-the-middle attackers to execute arbitrary code or...
How severe is CVE-2011-0149?
CVE-2011-0149 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0149?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes, Apple Webkit, Microsoft Windows, Microsoft Windows 7, Microsoft Windows Vista.