Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1774 — Improper Input Validation in Apple Safari

CWE-20 — Improper Input Validation5 documents4 sources

Severity

8.8HIGHNVD

EPSS

76.2%

top 1.07%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Safari

Timeline

PublishedJul 21

Latest updateMay 17

Description

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

CVSS vector

AV:N/AC:M/C:N/I:C/A:CExploitability: 8.6 | Impact: 9.2

Affected Packages1 packages

▶NVDapple/safari5.0.5+55

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-g72c-6w48-gpw9: WebKit in Apple Safari before 5↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Apple Safari Webkit - libxslt Arbitrary File Creation (Metasploit)↗2011-10-18

▶

Metasploit

Cross Platform Webkit File Dropper↗

▶

Metasploit

Apple Safari Webkit libxslt Arbitrary File Creation↗

▶