CVE-2011-0115: Buffer Overflow
First published: Thu Mar 03 2011(Updated: )
The DOM level 2 implementation in WebKit, as used in Apple iTunes before 10.2 on Windows and Apple Safari, does not properly handle DOM manipulations associated with event listeners during processing of range objects, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iTunes | <=10.1.2 | |
| iTunes | =4.0.0 | |
| iTunes | =4.0.1 | |
| iTunes | =4.1.0 | |
| iTunes | =4.2.0 | |
| iTunes | =4.5 | |
| iTunes | =4.5.0 | |
| iTunes | =4.6 | |
| iTunes | =4.6.0 | |
| iTunes | =4.7 | |
| iTunes | =4.7.0 | |
| iTunes | =4.7.1 | |
| iTunes | =4.7.2 | |
| iTunes | =4.8.0 | |
| iTunes | =4.9.0 | |
| iTunes | =5.0 | |
| iTunes | =5.0.0 | |
| iTunes | =5.0.1 | |
| iTunes | =6.0.0 | |
| iTunes | =6.0.1 | |
| iTunes | =6.0.2 | |
| iTunes | =6.0.3 | |
| iTunes | =6.0.4 | |
| iTunes | =6.0.4.2 | |
| iTunes | =6.0.5 | |
| iTunes | =7.0.0 | |
| iTunes | =7.0.1 | |
| iTunes | =7.0.2 | |
| iTunes | =7.1.0 | |
| iTunes | =7.1.1 | |
| iTunes | =7.2.0 | |
| iTunes | =7.3.0 | |
| iTunes | =7.3.1 | |
| iTunes | =7.3.2 | |
| iTunes | =7.4 | |
| iTunes | =7.4.0 | |
| iTunes | =7.4.1 | |
| iTunes | =7.4.2 | |
| iTunes | =7.4.3 | |
| iTunes | =7.5 | |
| iTunes | =7.5.0 | |
| iTunes | =7.6 | |
| iTunes | =7.6.0 | |
| iTunes | =7.6.1 | |
| iTunes | =7.6.2 | |
| iTunes | =7.7 | |
| iTunes | =7.7.0 | |
| iTunes | =7.7.1 | |
| iTunes | =8.0.0 | |
| iTunes | =8.0.1 | |
| iTunes | =8.0.2 | |
| iTunes | =8.1 | |
| iTunes | =8.1.1 | |
| iTunes | =8.2 | |
| iTunes | =8.2.1 | |
| iTunes | =9.0.0 | |
| iTunes | =9.0.1 | |
| iTunes | =9.0.2 | |
| iTunes | =9.0.3 | |
| iTunes | =9.2 | |
| iTunes | =9.2.1 | |
| iTunes | =10.0 | |
| iTunes | =10.0.1 | |
| iTunes | =10.1 | |
| iTunes | =10.1.1 | |
| Safari | ||
| WebKit | ||
| Microsoft Windows Operating System | ||
| Microsoft Windows 7 | ||
| Microsoft Windows Vista | ||
| Microsoft Windows Vista | =sp1 | |
| Microsoft Windows Vista | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
- http://www.zerodayinitiative.com/advisories/ZDI-11-096
- http://support.apple.com/kb/HT4554
- http://support.apple.com/kb/HT4564
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00003.html
- http://support.apple.com/kb/HT4566
Frequently Asked Questions
What is the severity of CVE-2011-0115?
CVE-2011-0115 has a severity rating that indicates a risk of remote code execution or denial of service due to improper DOM manipulation.
How do I fix CVE-2011-0115?
To fix CVE-2011-0115, ensure you update Apple iTunes or Safari to the latest version as specified by Apple.
Which versions of software are affected by CVE-2011-0115?
CVE-2011-0115 affects various versions of Apple iTunes up to 10.1.2, and prior versions of Apple Safari and WebKit.
What type of vulnerability is CVE-2011-0115?
CVE-2011-0115 is a vulnerabilities related to DOM manipulation that can allow remote code execution.
Can I still use my affected software if I have CVE-2011-0115?
Using affected software without applying the necessary updates poses a security risk, and it is recommended to update to mitigate vulnerabilities.
- collector/nvd-historical
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/itunes
- version/itunes/10.1.2
- version/itunes/4.0.0
- version/itunes/4.0.1
- version/itunes/4.1.0
- version/itunes/4.2.0
- version/itunes/4.5
- version/itunes/4.5.0
- version/itunes/4.6
- version/itunes/4.6.0
- version/itunes/4.7
- version/itunes/4.7.0
- version/itunes/4.7.1
- version/itunes/4.7.2
- version/itunes/4.8.0
- version/itunes/4.9.0
- version/itunes/5.0
- version/itunes/5.0.0
- version/itunes/5.0.1
- version/itunes/6.0.0
- version/itunes/6.0.1
- version/itunes/6.0.2
- version/itunes/6.0.3
- version/itunes/6.0.4
- version/itunes/6.0.4.2
- version/itunes/6.0.5
- version/itunes/7.0.0
- version/itunes/7.0.1
- version/itunes/7.0.2
- version/itunes/7.1.0
- version/itunes/7.1.1
- version/itunes/7.2.0
- version/itunes/7.3.0
- version/itunes/7.3.1
- version/itunes/7.3.2
- version/itunes/7.4
- version/itunes/7.4.0
- version/itunes/7.4.1
- version/itunes/7.4.2
- version/itunes/7.4.3
- version/itunes/7.5
- version/itunes/7.5.0
- version/itunes/7.6
- version/itunes/7.6.0
- version/itunes/7.6.1
- version/itunes/7.6.2
- version/itunes/7.7
- version/itunes/7.7.0
- version/itunes/7.7.1
- version/itunes/8.0.0
- version/itunes/8.0.1
- version/itunes/8.0.2
- version/itunes/8.1
- version/itunes/8.1.1
- version/itunes/8.2
- version/itunes/8.2.1
- version/itunes/9.0.0
- version/itunes/9.0.1
- version/itunes/9.0.2
- version/itunes/9.0.3
- version/itunes/9.2
- version/itunes/9.2.1
- version/itunes/10.0
- version/itunes/10.0.1
- version/itunes/10.1
- version/itunes/10.1.1
- canonical/safari
- canonical/webkit
- vendor/microsoft
- canonical/microsoft windows operating system
- canonical/microsoft windows 7
- canonical/microsoft windows vista
- version/microsoft windows vista/sp1
- version/microsoft windows vista/sp2
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3