CVE ID | CVE-2011-2825 |
CVSS SCORE | 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
WebKit.Org |
AFFECTED PRODUCTS |
WebKit |
VULNERABILITY DETAILS |
The specific flaw exists within the parsing and utilization of font objects. When the code parses the @font-face CSS element it does not validate that the font-family is legitimate. Later, if the same font-family is applied within CSS the code will access an invalid element of its internal font object. This can be leveraged by a remote attacker to execute code under the context of the user running the browser. |
ADDITIONAL DETAILS |
WebKit.Org has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT5190 |
DISCLOSURE TIMELINE |
|
CREDIT | wushi of team509 miaubiz |