vendor:
Safari
by:
Nikita Tarakanov (CISS Research Team), Alex Bazhanyuk (CISS Research Team)
9.3
CVSS
HIGH
SVG DOM processing
94
CWE
Product Name: Safari
Affected Version From: prior to 5.0.6, 5.1
Affected Version To: N/A
Patch Exists: YES
Related CWE: CVE-2011-0222
CPE: apple:safari
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Win XP SP3, Win 7 SP1
2011
CVE-2011-0222 Safari SVG DOM processing PoC
A vulnerability in Safari's SVG DOM processing allows an attacker to execute arbitrary code on a vulnerable system. The vulnerability is caused due to an error in the handling of SVG elements, which can be exploited to execute arbitrary code by tricking a user into visiting a malicious web page.
Mitigation:
Apple released a patch for this vulnerability in Safari 5.0.6 and 5.1.