WebKit contains a typecasting flaw in the 'CalendarPickerElement::defaultEventHandler' function in WebCore/html/shadow/CalendarPickerElement.cpp that occurs when an event changes the input type for a calendar picker indicator, e.g. when it is clicked. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
Classification
Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Solution: Upgrade
Exploit: PoC Public
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related
Solution
The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.
Upgrade to Google Chrome version 21.0.1180.57 or higher for Mac and Linux or 21.0.1180.60 or higher for Windows and Chrome Frame, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
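The fixed build differs by platform, so an inventory check has to compare each install against its own floor. The following is an added example, not part of the original advisory or any vendor tooling; the platform keys, host names and inventory rows are constructed for illustration.

```python
# Added example: compare installed Chrome builds against the fixed versions
# named in the advisory. Platform keys and inventory rows are constructed.

# First fixed build per platform, taken from the advisory text.
FIXED = {
    "mac": (21, 0, 1180, 57),
    "linux": (21, 0, 1180, 57),
    "windows": (21, 0, 1180, 60),
    "chrome_frame": (21, 0, 1180, 60),
}


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD.PATCH' into a tuple of ints (ValueError if malformed)."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in parts)


def status(platform, version):
    """Return 'ok', 'needs_upgrade' or 'unknown' for one install."""
    floor = FIXED.get(platform.lower())
    if floor is None:
        return "unknown"  # platform not covered by the advisory
    try:
        found = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version: review by hand, do not assume ok
    # Tuple comparison is numeric per field, so .9 sorts below .57.
    return "ok" if found >= floor else "needs_upgrade"


def audit(rows):
    """Annotate (host, platform, version) rows with their status."""
    return [(h, p, v, status(p, v)) for h, p, v in rows]


# Constructed sample inventory.
INVENTORY = [
    ("host-a", "linux", "21.0.1180.57"),
    ("host-b", "windows", "21.0.1180.57"),  # fixed on Linux, not on Windows
    ("host-c", "mac", "21.0.1180.9"),       # string compare would pass this
    ("host-d", "windows", "21.0.1180"),     # truncated version string
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("%-8s %-8s %-14s %s" % row)
```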