CVE-2013-1037

WebKit, as used in Apple iOS before 7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-09-18-2.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT5934	Vendor Advisory
http://secunia.com/advisories/54886	Permissions Required
http://www.securitytracker.com/id/1029054	Third Party Advisory VDB Entry
http://lists.apple.com/archives/security-announce/2013/Oct/msg00003.html	Mailing List Vendor Advisory
http://lists.apple.com/archives/security-announce/2013/Oct/msg00009.html	Mailing List Vendor Advisory
http://support.apple.com/kb/HT6001	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:apple:iphone_os:6.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.5:::::::*
	cpe:2.3:o:apple:iphone_os:2.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.8:::::::*
	cpe:2.3:o:apple:iphone_os:3.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.5:::::::*
	cpe:2.3:o:apple:iphone_os:4.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:5.0:::::::*
	cpe:2.3:o:apple:iphone_os:1.0.0:::::::*
	cpe:2.3:o:apple:iphone_os:5.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:2.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.0.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.0:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:3.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.3:::::::*
	cpe:2.3:o:apple:iphone_os:5.1:::::::*
	cpe:2.3:o:apple:iphone_os:6.0.2:::::::*
	cpe:2.3:o:apple:iphone_os:4.1:::::::*
	cpe:2.3:o:apple:iphone_os:4.2.5:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.2:::::::*
	cpe:2.3:o:apple:iphone_os:6.0:::::::*
	cpe:2.3:o:apple:iphone_os:6.1:::::::*
	cpe:2.3:o:apple:iphone_os:2.1.1:::::::*
	cpe:2.3:o:apple:iphone_os:1.1.4:::::::*
	cpe:2.3:o:apple:iphone_os:4.3.0:::::::*
	cpe:2.3:o:apple:iphone_os:2.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:3.2.1:::::::*
	cpe:2.3:o:apple:iphone_os:6.1.6:::::::*
	cpe:2.3:o:apple:iphone_os:6.0.1:::::::*

Configuration 3 (hide)

cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*

Information

Published : 2013-09-19 03:27

Updated : 2016-11-18 11:30

NVD link : CVE-2013-1037

Mitre link : CVE-2013-1037

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

apple

itunes
safari
iphone_os

6.8 /10