CVE-2013-1005

WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1.

Published Byproduct-security@apple.com

Published DateMay 20, 2013, 14:44

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

9.3

Vector String

AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE

References

http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2013/May/msg00000.html
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
http://secunia.com/advisories/54886
http://support.apple.com/kb/HT5766
http://support.apple.com/kb/HT5785
http://support.apple.com/kb/HT5934
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17601

Weakness Type (CWE):CWE-399

CVSS Metrics

Base Score

9.3

Vector String

AV:N/AC:M/Au:N/C:C/I:C/A:C

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

COMPLETE

Integrity (I)

COMPLETE

Availability (A)

COMPLETE