OSVDB ID: 86149

Title: WebKit SVGElementInstance::detach Function Use-after-free Arbitrary Code Execution

Dates

Disclosure: Oct 09, 2012
Discovery: Unknown
Exploit: Unknown
Solution: Oct 09, 2012

Description

WebKit contains a use-after-free error in the 'SVGElementInstance::detach' function in WebCore/svg/SVGElementInstance.cpp when DETAILED DESCRIPTION. With a specially crafted SVG file, a context-dependent attacker can dereference already freed memory and execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version 1.10.2 or higher to address this vulnerability. Upgrade to Google Chrome version 22.0.1229.94 or higher and Google Chrome OS version 21.0.1180.92 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Google, Inc.: Chrome 22.0.1229.92
Google, Inc.: Chrome OS 21.0.1183.89
webkit.org: WebKitGTK+ 1.10.1
Apple Inc.: iTunes 11.0.2, 11.0.3, 10.0.2

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/86149