CVE-2011-1290

Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.

• CWE-189

• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html
• http://osvdb.org/71182
• http://secunia.com/advisories/43735Vendor Advisory
• http://secunia.com/advisories/43748Vendor Advisory
• http://secunia.com/advisories/43782Vendor Advisory
• http://secunia.com/advisories/44151Vendor Advisory
• http://secunia.com/advisories/44154Vendor Advisory
• http://support.apple.com/kb/HT4596
• http://support.apple.com/kb/HT4607
• http://www.blackberry.com/btsc/KB26132
• http://www.debian.org/security/2011/dsa-2192
• http://www.securityfocus.com/archive/1/517513/100/0/threaded
• http://www.securityfocus.com/bid/46849
• http://www.securitytracker.com/id?1025212
• http://www.vupen.com/english/advisories/2011/0645Vendor Advisory
• http://www.vupen.com/english/advisories/2011/0654Vendor Advisory
• http://www.vupen.com/english/advisories/2011/0671
• http://www.vupen.com/english/advisories/2011/0984Vendor Advisory
• http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
• http://www.zerodayinitiative.com/advisories/ZDI-11-104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66052
• http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
• http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html
• http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html
• http://osvdb.org/71182
• http://secunia.com/advisories/43735Vendor Advisory
• http://secunia.com/advisories/43748Vendor Advisory
• http://secunia.com/advisories/43782Vendor Advisory
• http://secunia.com/advisories/44151Vendor Advisory
• http://secunia.com/advisories/44154Vendor Advisory
• http://support.apple.com/kb/HT4596
• http://support.apple.com/kb/HT4607
• http://www.blackberry.com/btsc/KB26132
• http://www.debian.org/security/2011/dsa-2192
• http://www.securityfocus.com/archive/1/517513/100/0/threaded
• http://www.securityfocus.com/bid/46849
• http://www.securitytracker.com/id?1025212
• http://www.vupen.com/english/advisories/2011/0645Vendor Advisory
• http://www.vupen.com/english/advisories/2011/0654Vendor Advisory
• http://www.vupen.com/english/advisories/2011/0671
• http://www.vupen.com/english/advisories/2011/0984Vendor Advisory
• http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
• http://www.zerodayinitiative.com/advisories/ZDI-11-104
• https://exchange.xforce.ibmcloud.com/vulnerabilities/66052

Published

Mar 11, 2011

Last Modified

Jun 16, 2026

Status

Modified