CVE-2011-3845 : Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-as

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

Published 2012-03-08 04:15:03

Updated 2018-01-05 02:29:11

Source Flexera Software LLC

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2011-3845

Probability of exploitation activity in the next 30 days: 1.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-3845

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.6	HIGH	AV:N/AC:H/Au:N/C:C/I:C/A:C	4.9	10.0	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-3845

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3845

http://www.securityfocus.com/bid/52325

Apple Safari Plugin Unloading Remote Code Execution Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/73713

Apple Safari plug-in code execution CVE-2011-3845 Vulnerability Report
http://osvdb.org/79849

Products affected by CVE-2011-3845

Apple » Safari » Version: 5.1.2
cpe:2.3:a:apple:safari:5.1.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-3845

Exploit prediction scoring system (EPSS) score for CVE-2011-3845

CVSS scores for CVE-2011-3845

CWE ids for CVE-2011-3845

References for CVE-2011-3845

Products affected by CVE-2011-3845