CVE-2011-0115Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Itunes

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.6HIGHNVD
EPSS
1.0%
top 22.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Itunes
Timeline
PublishedMar 3
Latest updateMay 17

Description

The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

NVDapple/itunes10.1.2+64

Patches

Patch: lists.apple.comPatch: lists.apple.com

🔴Vulnerability Details

2
GHSA
GHSA-mxw2-6hjp-j6qp: The DOM level 2 implementation in WebKit, as used in Apple iTunes before 102022-05-17
OSV
CVE-2011-0115: The DOM level 2 implementation in WebKit, as used in Apple iTunes before 102011-03-03