Sign-up

ID

VAR-201103-0240


CVE

CVE-2011-0139


TITLE

plural Apple Product WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2011-001329

DESCRIPTION

WebKit, as used in Apple iTunes before 10.2 on Windows, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-03-02-1. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Very few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. NOTE: This issue was previously discussed in BID 46654 (WebKit Multiple Memory Corruption Vulnerabilities) but has been given its own record to better document it. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A vulnerability exists in WebKit used in versions prior to 10.2 of Apple iTunes on Windows-based platforms

Trust: 2.07

sources: NVD: CVE-2011-0139 // JVNDB: JVNDB-2011-001329 // BID: 46712 // VULHUB: VHN-48084 // VULMON: CVE-2011-0139

AFFECTED PRODUCTS

vendor:applemodel:itunesscope:eqversion:4.6.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.1.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.7.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.0.1

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.0.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.5.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:4.2.0

Trust: 1.6

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 1.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 1.1

vendor:applemodel:itunesscope:eqversion:7.6

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.0.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:10.0

Trust: 1.0

vendor:applemodel:webkitscope:eqversion:*

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.5.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.2.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.8.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.1.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.3.0

Trust: 1.0

vendor:applemodel:itunesscope:lteversion:10.1.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.4.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.7

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.7.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.2.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:9.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:10.1.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:4.9.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.4.2

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:10.0.1

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.6.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:8.0.0

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:9.0.3

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:7.5

Trust: 1.0

vendor:applemodel:itunesscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkit r77705scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.x

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2-1

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10.2

Trust: 0.3

sources: BID: 46712 // JVNDB: JVNDB-2011-001329 // CNNVD: CNNVD-201103-089 // NVD: CVE-2011-0139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-0139
value: HIGH

Trust: 1.0

NVD: CVE-2011-0139
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201103-089
value: HIGH

Trust: 0.6

VULHUB: VHN-48084
value: HIGH

Trust: 0.1

VULMON: CVE-2011-0139
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2011-0139
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-48084
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-48084 // VULMON: CVE-2011-0139 // JVNDB: JVNDB-2011-001329 // CNNVD: CNNVD-201103-089 // NVD: CVE-2011-0139

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-48084 // JVNDB: JVNDB-2011-001329 // NVD: CVE-2011-0139

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201103-089

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201103-089

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2011-001329

PATCH
title:HT4554url:http://support.apple.com/kb/HT4554
Trust: 0.8
title:HT4566url:http://support.apple.com/kb/HT4566
Trust: 0.8
title:HT4554url:http://support.apple.com/kb/HT4554?viewlocale=ja_JP
Trust: 0.8
title:HT4566url:http://support.apple.com/kb/HT4566?viewlocale=ja_JP
Trust: 0.8
title:iTunes 10.2url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39588
Trust: 0.6
title:iTunes 10.2 for Windows (64 bit)url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=39587
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2011-001329 // 
            
            
            
            CNNVD: CNNVD-201103-089

EXTERNAL IDS
db:NVDid:CVE-2011-0139
Trust: 2.9
db:JVNDBid:JVNDB-2011-001329
Trust: 0.8
db:CNNVDid:CNNVD-201103-089
Trust: 0.7
db:APPLEid:APPLE-SA-2011-03-02-1
Trust: 0.6
db:BIDid:46712
Trust: 0.4
db:VULHUBid:VHN-48084
Trust: 0.1
db:VULMONid:CVE-2011-0139
Trust: 0.1
sources:
            
            
            VULHUB: VHN-48084 // 
            
            
            
            VULMON: CVE-2011-0139 // 
            
            
            
            BID: 46712 // 
            
            
            
            JVNDB: JVNDB-2011-001329 // 
            
            
            
            CNNVD: CNNVD-201103-089 // 
            
            
            
            NVD: CVE-2011-0139

REFERENCES
url:http://lists.apple.com/archives/security-announce/2011/mar/msg00000.html
Trust: 1.8
url:http://support.apple.com/kb/ht4554
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2011//mar/msg00004.html
Trust: 1.2
url:http://support.apple.com/kb/ht4566
Trust: 1.2
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17446
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0139
Trust: 0.8
url:http://jvn.jp/cert/jvnvu556020
Trust: 0.8
url:http://jvn.jp/cert/jvnvu643615
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0139
Trust: 0.8
url:http://www.apple.com/itunes/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:https://www.rapid7.com/db/vulnerabilities/apple-itunes-cve-2011-0139
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=22597
Trust: 0.1
sources:
            
            
            VULHUB: VHN-48084 // 
            
            
            
            VULMON: CVE-2011-0139 // 
            
            
            
            BID: 46712 // 
            
            
            
            JVNDB: JVNDB-2011-001329 // 
            
            
            
            CNNVD: CNNVD-201103-089 // 
            
            
            
            NVD: CVE-2011-0139

CREDITS
kuzzcc
Trust: 0.3
sources:
            
            
            BID: 46712

SOURCES
db:VULHUBid:VHN-48084
db:VULMONid:CVE-2011-0139
db:BIDid:46712
db:JVNDBid:JVNDB-2011-001329
db:CNNVDid:CNNVD-201103-089
db:NVDid:CVE-2011-0139

LAST UPDATE DATE
2025-04-11T19:33:11.660000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-48084date:2017-09-19T00:00:00
db:VULMONid:CVE-2011-0139date:2017-09-19T00:00:00
db:BIDid:46712date:2011-03-02T00:00:00
db:JVNDBid:JVNDB-2011-001329date:2011-03-31T00:00:00
db:CNNVDid:CNNVD-201103-089date:2011-03-08T00:00:00
db:NVDid:CVE-2011-0139date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-48084date:2011-03-03T00:00:00
db:VULMONid:CVE-2011-0139date:2011-03-03T00:00:00
db:BIDid:46712date:2011-03-02T00:00:00
db:JVNDBid:JVNDB-2011-001329date:2011-03-31T00:00:00
db:CNNVDid:CNNVD-201103-089date:2011-03-04T00:00:00
db:NVDid:CVE-2011-0139date:2011-03-03T20:00:02.113