Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-0222 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents5 sources

Severity

9.3CRITICALNVD

EPSS

32.5%

top 3.13%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedJul 21

Latest updateMay 17

Description

WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/safari5.0.5+55

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-6538-27wv-ch9v: WebKit, as used in Apple Safari before 5↗2022-05-17

▶

OSV

CVE-2011-0222: WebKit, as used in Apple Safari before 5↗2011-07-21

▶

💥Exploits & PoCs

Exploit-DB

Apple Safari 5.0.5 - SVG Remote Code Execution (DEP Bypass)↗2011-07-26

▶

Exploit-DB

Apple Safari 5.0.6/5.1 - SVG DOM Processing (PoC)↗2011-07-25

▶

📋Vendor Advisories

Red Hat

kernel: local privilege escalation via /sys/kernel/debug/acpi/custom_method↗2010-11-13

▶