0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities
Author
Risk
[
Security Risk Critical
]0day-ID
Category
Date add
CVE
Platform
WebKitGTK+ Memory Corruption / Spoofing / Code Execution Vulnerabilities Advisory URL : https://webkitgtk.org/security/WSA-2018-0002.html CVE identifiers : CVE-2018-4088, CVE-2018-4089, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885. Several vulnerabilities were discovered in WebKitGTK+. CVE-2018-4088 Versions affected: WebKitGTK+ before 2.18.6. Credit to Jeonghoon Shin of Theori. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4089 Versions affected: WebKitGTK+ before 2.18.4. Credit to Ivan Fratric of Google Project Zero. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2018-4096 Versions affected: WebKitGTK+ before 2.18.6. Credit to OSS-Fuzz. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7153 Versions affected: WebKitGTK+ before 2.18.6. Credit to Jerry Decime. Impact: Visiting a malicious website may lead to user interface spoofing. Description: Redirect responses to 401 Unauthorized may allow a malicious website to incorrectly display the lock icon on mixed content. This issue was addressed through improved URL display logic. CVE-2017-7160 Versions affected: WebKitGTK+ before 2.18.6. Credit to Richard Zhu (fluorescence) working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-7161 Versions affected: WebKitGTK+ before 2.18.6. Credit to Mitin Svyat. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: A command injection issue existed in Web Inspector. This issue was addressed through improved escaping of special characters. CVE-2017-7165 Versions affected: WebKitGTK+ before 2.18.6. Credit to 360 Security working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13884 Versions affected: WebKitGTK+ before 2.18.6. Credit to 360 Security working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2017-13885 Versions affected: WebKitGTK+ before 2.18.6. Credit to 360 Security working with Trend Micro's Zero Day Initiative. Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Description: Multiple memory corruption issues were addressed with improved memory handling. We recommend updating to the last stable version of WebKitGTK+. It is the best way of ensuring that you are running a safe version of WebKitGTK+. Please check our website for information about the last stable releases. Further information about WebKitGTK+ Security Advisories can be found at: https://webkitgtk.org/security.html The WebKitGTK+ team, January 24, 2018 # 0day.today [2024-09-28] #