0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WebKitGTK+ Code Execution / Cookie Handling / Memory Corruption Vulnerabilities
Author
Risk
![](/img/risk/critlow_4.gif)
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
------------------------------------------------------------------------ WebKitGTK+ Security Advisory ------------------------------------------------------------------------ Date reported : October 18, 2017 Advisory ID : WSA-2017-0008 Advisory URL : https://webkitgtk.org/security/WSA-2017-0008.html CVE identifiers : CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094, CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120, CVE-2017-7142. Several vulnerabilities were discovered in WebKitGTK+. CVE-2017-7081 Versions affected: WebKitGTK+ before 2.16.1. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A memory corruption issue was addressed through improved input validation. CVE-2017-7087 Versions affected: WebKitGTK+ before 2.18.0. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7089 Versions affected: WebKitGTK+ before 2.18.0. Credit to Anton Lopanitsyn of ONSEC, Frans RosA(c)n of Detectify. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: A logic issue existed in the handling of the parent-tab. This issue was addressed with improved state management. CVE-2017-7090 Versions affected: WebKitGTK+ before 2.18.0. Credit to Apple. Impact: Cookies belonging to one origin may be sent to another origin. Description: A permissions issue existed in the handling of web browser cookies. This issue was addressed by no longer returning cookies for custom URL schemes. CVE-2017-7091 Versions affected: WebKitGTK+ before 2.18.0. Credit to Wei Yuan of Baidu Security Lab working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7092 Versions affected: WebKitGTK+ before 2.18.0. Credit to Qixun Zhao (@S0rryMybad) of Qihoo 360 Vulcan Team, Samuel Gro and Niklas Baumstark working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7093 Versions affected: WebKitGTK+ before 2.18.0. Credit to Samuel Gro and Niklas Baumstark working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7094 Versions affected: WebKitGTK+ before 2.16.3. Credit to Tim Michaud (@TimGMichaud) of Leviathan Security Group. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7095 Versions affected: WebKitGTK+ before 2.18.0. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University working with Trend Microas Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7096 Versions affected: WebKitGTK+ before 2.18.0. Credit to Wei Yuan of Baidu Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7098 Versions affected: WebKitGTK+ before 2.18.0. Credit to Felipe Freitas of Instituto TecnolA3gico de AeronA!utica. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7099 Versions affected: WebKitGTK+ before 2.16.4. Credit to Apple. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7100 Versions affected: WebKitGTK+ before 2.18.0. Credit to Masato Kinugawa and Mario Heiderich of Cure53. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7102 Versions affected: WebKitGTK+ before 2.18.0. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7104 Versions affected: WebKitGTK+ before 2.18.0. Credit to likemeng of Baidu Secutity Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7107 Versions affected: WebKitGTK+ before 2.18.0. Credit to Wang Junjie, Wei Lei, and Liu Yang of Nanyang Technological University. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7109 Versions affected: WebKitGTK+ before 2.18.0. Credit to avlidienbrunn. Impact: Processing maliciously crafted web content may lead to a cross site scripting attack. Description: Application Cache policy may be unexpectedly applied. CVE-2017-7111 Versions affected: WebKitGTK+ before 2.18.0. Credit to likemeng of Baidu Security Lab (xlab.baidu.com) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7117 Versions affected: WebKitGTK+ before 2.18.0. Credit to lokihardt of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7120 Versions affected: WebKitGTK+ before 2.18.0. Credit to chenqin (ee|) of Ant-financial Light-Year Security Lab. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7142 Versions affected: WebKitGTK+ before 2.16.1. Credit to an anonymous researcher. Impact: Website data may persist after a Safari Private browsing session. Description: An information leakage issue existed in the handling of website data in Safari Private windows. This issue was addressed with improved data handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, October 18, 2017 # 0day.today [2024-06-28] #