8.8

CVE-2016-4765

WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4759, CVE-2016-4766, CVE-2016-4767, and CVE-2016-4768.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 10.0
AppleiPhone OS Version < 10.0
AppletvOS Version < 10.0
AppleiTunes Version < 12.5.1
   MicrosoftWindows Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.07% 0.789
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://lists.apple.com/archives/security-announce/2016/Sep/msg00008.html
Vendor Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2016/Sep/msg00011.html
Vendor Advisory
Mailing List
https://support.apple.com/HT207142
Vendor Advisory
https://support.apple.com/HT207143
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Sep/msg00007.html
Vendor Advisory
Mailing List
http://www.securitytracker.com/id/1036854
Third Party Advisory
VDB Entry
https://support.apple.com/HT207157
Vendor Advisory
http://lists.apple.com/archives/security-announce/2016/Sep/msg00012.html
Vendor Advisory
Mailing List
http://www.securityfocus.com/bid/93064
Third Party Advisory
VDB Entry
https://support.apple.com/HT207158
Vendor Advisory