CVE-2011-0132 — Out-of-bounds Write in Apple Itunes

CWE-3993 documents3 sources

Severity

7.6HIGHNVD

EPSS

0.7%

top 28.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Itunes

Timeline

PublishedMar 3

Latest updateMay 17

Description

Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2.1 Visual Formatting Model implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/itunes10.1.2+64

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-5rch-w95j-qgrv: Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2↗2022-05-17

▶

OSV

CVE-2011-0132: Use-after-free vulnerability in the Runin box functionality in the Cascading Style Sheets (CSS) 2↗2011-03-03

▶