CVE-2014-4459

Published Nov 18, 2014

Last updated 6 days ago

CVSS info 6.8

Overview

Description: Use-after-free vulnerability in WebKit, as used in Apple OS X before 10.10.1, allows remote attackers to execute arbitrary code via crafted page objects in an HTML document.
Source: product-security@apple.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: <a href="http://cwe.mitre.org/data/definitions/416.html" rel="nofollow">CWE-416: Use After Free</a> Per an <a href="http://support.apple.com/en-us/HT204246" rel="nofollow">Apple Security Advisory</a> Apple TV before 7.0.3 was also vulnerable. Per an <a href="http://support.apple.com/en-us/HT204245" rel="nofollow">Apple Security Advisory</a> Apple iOS before 8.1.3 was also vulnerable. Per an <a href="http://support.apple.com/en-us/HT6596" rel="nofollow">Apple Security Advisory</a> Apple Safari before versions 8.0.1, 7.1.1 and 6.2.1 were also vulnerable. These product additions are reflected in the vulnerable configuration.
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "848C5E8F-340F-463F-91A6-AB75CA4E6E68",
            "versionEndExcluding": "6.2.1",
            "versionStartIncluding": "6.0"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DDDE5EF4-7915-4943-AA99-72DF69286739",
            "versionEndExcluding": "7.1.1",
            "versionStartIncluding": "7.0"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8FA0AB84-C050-42CD-BFA1-EA2B70C774A9",
            "versionEndExcluding": "8.0.1",
            "versionStartIncluding": "8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "915153E7-23A1-4214-B59A-7CF71D3ED765",
            "versionEndExcluding": "10.10.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6422B418-EC35-4757-9D8F-66920733970D",
            "versionEndExcluding": "8.1.3"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76E53E3D-DDAE-4716-B851-92884CBAF0E2",
            "versionEndExcluding": "12.2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "882872DC-9FE2-4FE8-AD5D-C14BBB2CAC3A",
            "versionEndExcluding": "7.0.3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References