CVE-2011-0154 — MEDIUM (5.1)

Q: How severe is CVE-2011-0154?

CVE-2011-0154 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-0154?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes, Apple Iphone Os, Microsoft Windows.

Vulnerability Description

WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS Score

5.1

MEDIUM

AV:N/AC:H/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apple	Itunes	< 10.2
Apple	Iphone Os	-
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-119

References

http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlMailing ListPatchVendor Advisory
http://support.apple.com/kb/HT4554Vendor Advisory
http://support.apple.com/kb/HT4564Vendor Advisory
http://support.apple.com/kb/HT4566Broken LinkVendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-101Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlMailing ListVendor Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlMailing ListPatchVendor Advisory
http://support.apple.com/kb/HT4554Vendor Advisory
http://support.apple.com/kb/HT4564Vendor Advisory
http://support.apple.com/kb/HT4566Broken LinkVendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-11-101Third Party AdvisoryVDB Entry

FAQ

What is CVE-2011-0154?

CVE-2011-0154 is a vulnerability with a CVSS score of 5.1 (MEDIUM). WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrar...

How severe is CVE-2011-0154?

CVE-2011-0154 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-0154?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Itunes, Apple Iphone Os, Microsoft Windows.