| CVE ID | CVE-2012-0592 |
| CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
| AFFECTED VENDORS |
WebKit.Org |
| AFFECTED PRODUCTS |
WebKit |
| VULNERABILITY DETAILS |
The flaw exists within the JavaScriptCore component as used by WebKit. This module is responsible for the in browser implementation of JavaScript. When handling the array.splice method the browser improperly calculates the length, and thus allocation size for the newly modified array. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser. |
| ADDITIONAL DETAILS |
WebKit.Org has issued an update to correct this vulnerability. More details can be found at:
http://prod.lists.apple.com/archives/security-announce/2012/Mar/msg00003.html |
| DISCLOSURE TIMELINE |
|
| CREDIT | Alexander Gavrun |
