Credit:
The information has been provided by wushi and miaubiz.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-12-054/
Vulnerable Systems:
* WebKit
The specific flaw exists within the parsing and utilization of font objects. When the code parses the @font-face CSS element, it does not validate that the font-family is legitimate. Later, if the same font-family is applied within CSS, the code will access an invalid element of its internal font object. This can be leveraged by a remote attacker to execute code under the context of the user running the browser.
Vendor Status:
WebKit has issued an update to correct this vulnerability.
Patch Availability:
http://support.apple.com/kb/HT5190
CVE Information:
CVE-2011-2825
Disclosure Timeline:
2011-05-12 - Vulnerability reported to vendor
2012-03-26 - Coordinated public release of advisory