CVE-2011-3845: Apple Safari vulnerability

CWE-399 | 2 documents | 2 sources
Severity
7.6 HIGH (NVD)
EPSS
1.8%
top 16.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 8
Latest update: May 14

Description

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

CVSS vector

AV:N/AC:H/C:C/I:C/A:C
Exploitability: 4.9 | Impact: 10.0

Affected Packages (1 package)

NVD: apple/safari 5.1.2

Vulnerability Details

1
GHSA
GHSA-fhjp-qgh5-53mc: Use-after-free vulnerability in Apple Safari 5 | 2022-05-14