HTTP: Apple Safari WebKit innerHTML Double Free Memory Corruption
This signature detects attempts to exploit a known vulnerability in the Apple Safari WebKit innerHTML. Successful attacks can allow an attacker to run their code of choice on the target system.
Extended Description
WebKit is prone to a remote code-execution vulnerability due to memory corruption. Attackers can exploit this issue by enticing an unsuspecting user to visit a malicious webpage. Successful attacks will result in arbitrary code execution; failed attacks may cause denial-of-service conditions. NOTE: This issue was previously discussed in BID 48808 (Apple Safari Prior to 5.1 and 5.0.6 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Affected Products
Apple iphone,Apple safari
Short Name
HTTP:STC:SAFARI:INNERHTML-MC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apple CVE-2011-0221 Corruption Double Free Memory Safari WebKit bid:48844 innerHTML
Release Date
08/03/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3605
False Positive
Unknown
Vendors
Webkit_open_source_project
Apple
CVSS Score
9.3