Vulnerability details: VCID-1m1u-jhpy-aaac
Vulnerability ID VCID-1m1u-jhpy-aaac
Aliases CVE-2011-1290
Summary Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1290.html
epss 0.03547 https://api.first.org/data/v1/epss?cve=CVE-2011-1290
epss 0.03897 https://api.first.org/data/v1/epss?cve=CVE-2011-1290
epss 0.05019 https://api.first.org/data/v1/epss?cve=CVE-2011-1290
epss 0.24136 https://api.first.org/data/v1/epss?cve=CVE-2011-1290
epss 0.33823 https://api.first.org/data/v1/epss?cve=CVE-2011-1290
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1290
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2011-1290
Reference id Reference type URL
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates.html
http://lists.apple.com/archives/security-announce/2011//Apr/msg00000.html
http://lists.apple.com/archives/security-announce/2011//Apr/msg00001.html
http://lists.apple.com/archives/security-announce/2011//Apr/msg00002.html
http://osvdb.org/71182
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1290.html
https://api.first.org/data/v1/epss?cve=CVE-2011-1290
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1290
http://secunia.com/advisories/43735
http://secunia.com/advisories/43748
http://secunia.com/advisories/43782
http://secunia.com/advisories/44151
http://secunia.com/advisories/44154
https://exchange.xforce.ibmcloud.com/vulnerabilities/66052
http://support.apple.com/kb/HT4596
http://support.apple.com/kb/HT4607
http://www.blackberry.com/btsc/KB26132
http://www.debian.org/security/2011/dsa-2192
http://www.securityfocus.com/archive/1/517513/100/0/threaded
http://www.securityfocus.com/bid/46849
http://www.securitytracker.com/id?1025212
http://www.vupen.com/english/advisories/2011/0645
http://www.vupen.com/english/advisories/2011/0654
http://www.vupen.com/english/advisories/2011/0671
http://www.vupen.com/english/advisories/2011/0984
http://www.zdnet.com/blog/security/pwn2own-2011-blackberry-falls-to-webkit-browser-attack/8401
http://www.zerodayinitiative.com/advisories/ZDI-11-104
CVE-2011-1290 https://nvd.nist.gov/vuln/detail/CVE-2011-1290
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2011-1290
Exploit Prediction Scoring System (EPSS)
Percentile 0.87016
EPSS Score 0.03547
Published At April 24, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.