Sign-up

ID

VAR-201407-0100


CVE

CVE-2014-1340


TITLE

Apple Safari Used in etc. WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-003064

DESCRIPTION

WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2014-06-30-1. Apple Safari Used in etc. WebKit is prone to an unspecified memory-corruption vulnerability. An attacker may exploit this issue by enticing victims into viewing a malicious webpage. Successful exploits may allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. A security vulnerability exists in the WebKit used in Apple Safari versions prior to 6.1.5 and 7.x versions prior to 7.0.5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2014-06-30-1 Safari 6.1.5 and Safari 7.0.5 Safari 6.1.5 and Safari 7.0.5 are now available and address the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling. CVE-ID CVE-2014-1325 : Apple CVE-2014-1340 : Apple CVE-2014-1362 : Apple, miaubiz CVE-2014-1363 : Apple CVE-2014-1364 : Apple CVE-2014-1365 : Apple, Google Chrome Security Team CVE-2014-1366 : Apple CVE-2014-1367 : Apple CVE-2014-1368 : Wushi of Keen Team (Research Team of Keen Cloud Tech) CVE-2014-1382 : Renata Hodovan of University of Szeged / Samsung Electronics WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: Dragging a URL from a maliciously crafted website to another window could lead to the disclosure of local file content Description: Dragging a URL from a maliciously crafted website to another window could have allowed the malicious site to access a file:// URL. This issue was addressed through improved validation of dragged resources. CVE-ID CVE-2014-1369 : Aaron Sigel of vtty.com WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.3 Impact: A maliciously crafted website may be able to spoof its domain name in the address bar Description: A spoofing issue existed in the handling of URLs. This issue was addressed through improved encoding of URLs. CVE-ID CVE-2014-1345 : Erling Ellingsen of Facebook For OS X Mavericks and OS X Mountain Lion systems, Safari 7.0.5 and Safari 6.1.5 may be obtained from Mac App Store. For OS X Lion systems Safari 6.1.5 is available via the Apple Software Update application. Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - http://gpgtools.org iQIcBAEBAgAGBQJTsaPHAAoJEBcWfLTuOo7taK8P/0tThtNLog6ssE+iBRlBRtlu pdjDkqF5N5b71I00+DWhpxasEmsrmc7j5XXzbqaH/I3eWx9rRSHYTxon3gXHv8xY K4N1eUb/taHUaSJDH9mfzTvmxZf8x1EGsBQDmDpotXVtwW5h3uYxYsjAoG6g/MZO i74ggPKp3XnjSa/DPEJIXXZTTZrYDCBnDOE1By/vOVBshUy6/M8pWNd56gjYrYm9 VqJjeR9ZRc7RTkmbpJGOphjJ9/N/5oLinDV9cpObPktFhrG/RO90gGLorvtqG4NJ i9iOw2XHnX59TvmELjWHDJKD4NbGDSSl9eOW1iHQfLb5rt6yr7eNPfQDJMqYQKYh oViKYvhyRlOM5W56Xs6d39IJuHy43UkjPHU6frh5hrR+08WaVYfwNEhGf7iUzkPG Ln6quTg8hvQivHsmBnQ1fgYwcCc09QkAI9BtiLJqW+9Nk4KxKDB6ZBUFvp1z/ELZ SHRyb52FAo0yukNDjYqdp9l7QjhCzYpHdwZZGpgVmnroQPdBa+sJqBGiNRQd6Qun 1K5Rn3CaPAIft21L5aCju0uIouo8g56SBo9+bXCdDPpMmV3CSCRtU/aWfHWOE9D7 /MN0FCa6EQXKz15zBRMCmHY6QWAexM//gdrnLBx8ndLS1y59+hL/fz7PJ1pGtJa9 9Q6eqCFTMNIRoGCOsp8M =Hhsf -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2014-1340 // JVNDB: JVNDB-2014-003064 // BID: 68275 // VULHUB: VHN-69279 // PACKETSTORM: 127305

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:7.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.5

Trust: 1.6

vendor:applemodel:safariscope:eqversion:7.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.1.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:6.0.2

Trust: 1.0

vendor:applemodel:safariscope:lteversion:6.1.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:6.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:6.0.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:6.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:6.0.1

Trust: 1.0

vendor:applemodel:itunesscope:ltversion:(windows)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x mavericks v10.9.3)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x mountain lion v10.8.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x lion v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x mountain lion v10.8.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:6.1.5

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x mavericks v10.9.3)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:7.x (os x lion server v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x lion server v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:ltversion:(os x lion v10.7.5)

Trust: 0.8

vendor:applemodel:safariscope:eqversion:7.0.5

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:12.0.1

Trust: 0.8

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.5

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.3

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:1.2.2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:2

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:esignalmodel:esignalscope:eqversion:6.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.6

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:1.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.7

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.5

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.3

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:4

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3.1

Trust: 0.3

vendor:applemodel:safariscope:eqversion:3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.3

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:6.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:5.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.7

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:4.2.72

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:7.4

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.6

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.5

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.3

sources: BID: 68275 // JVNDB: JVNDB-2014-003064 // CNNVD: CNNVD-201407-027 // NVD: CVE-2014-1340

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-1340
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-1340
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201407-027
value: MEDIUM

Trust: 0.6

VULHUB: VHN-69279
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-1340
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-69279
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-69279 // JVNDB: JVNDB-2014-003064 // CNNVD: CNNVD-201407-027 // NVD: CVE-2014-1340

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-69279 // JVNDB: JVNDB-2014-003064 // NVD: CVE-2014-1340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-027

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201407-027

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-003064

PATCH
title:HT6537url:http://support.apple.com/en-eu/HT6537
Trust: 0.8
title:HT6293url:http://support.apple.com/kb/HT6293
Trust: 0.8
title:HT6293url:http://support.apple.com/kb/HT6293?viewlocale=ja_JP
Trust: 0.8
title:HT6537url:http://support.apple.com/ja-jp/HT6537
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-003064

EXTERNAL IDS
db:NVDid:CVE-2014-1340
Trust: 2.9
db:SECTRACKid:1030495
Trust: 1.1
db:SECUNIAid:59481
Trust: 1.1
db:JVNid:JVNVU97537282
Trust: 0.8
db:JVNid:JVNVU99696049
Trust: 0.8
db:JVNDBid:JVNDB-2014-003064
Trust: 0.8
db:CNNVDid:CNNVD-201407-027
Trust: 0.7
db:BIDid:68275
Trust: 0.4
db:VULHUBid:VHN-69279
Trust: 0.1
db:PACKETSTORMid:127305
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69279 // 
            
            
            
            BID: 68275 // 
            
            
            
            JVNDB: JVNDB-2014-003064 // 
            
            
            
            PACKETSTORM: 127305 // 
            
            
            
            CNNVD: CNNVD-201407-027 // 
            
            
            
            NVD: CVE-2014-1340

REFERENCES
url:http://archives.neohapsis.com/archives/bugtraq/2014-06/0171.html
Trust: 2.5
url:https://support.apple.com/kb/ht6537
Trust: 1.1
url:http://www.securitytracker.com/id/1030495
Trust: 1.1
url:http://secunia.com/advisories/59481
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1340
Trust: 0.8
url:http://jvn.jp/vu/jvnvu99696049/index.html
Trust: 0.8
url:http://jvn.jp/vu/jvnvu97537282/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1340
Trust: 0.8
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://www.webkit.org/
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2014-1365
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1325
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1340
Trust: 0.1
url:https://www.apple.com/support/security/pgp/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1364
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1367
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1382
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1366
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1362
Trust: 0.1
url:http://support.apple.com/kb/ht1222
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1363
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2014-1368
Trust: 0.1
url:http://gpgtools.org
Trust: 0.1
sources:
            
            
            VULHUB: VHN-69279 // 
            
            
            
            BID: 68275 // 
            
            
            
            JVNDB: JVNDB-2014-003064 // 
            
            
            
            PACKETSTORM: 127305 // 
            
            
            
            CNNVD: CNNVD-201407-027 // 
            
            
            
            NVD: CVE-2014-1340

CREDITS
Apple
Trust: 0.4
sources:
            
            
            BID: 68275 // 
            
            
            
            PACKETSTORM: 127305

SOURCES
db:VULHUBid:VHN-69279
db:BIDid:68275
db:JVNDBid:JVNDB-2014-003064
db:PACKETSTORMid:127305
db:CNNVDid:CNNVD-201407-027
db:NVDid:CVE-2014-1340

LAST UPDATE DATE
2025-04-13T21:28:19.066000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-69279date:2016-12-08T00:00:00
db:BIDid:68275date:2014-10-17T19:03:00
db:JVNDBid:JVNDB-2014-003064date:2014-11-20T00:00:00
db:CNNVDid:CNNVD-201407-027date:2014-07-03T00:00:00
db:NVDid:CVE-2014-1340date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-69279date:2014-07-01T00:00:00
db:BIDid:68275date:2014-06-30T00:00:00
db:JVNDBid:JVNDB-2014-003064date:2014-07-02T00:00:00
db:PACKETSTORMid:127305date:2014-07-01T01:01:19
db:CNNVDid:CNNVD-201407-027date:2014-07-03T00:00:00
db:NVDid:CVE-2014-1340date:2014-07-01T10:17:25.813