Use-after-free vulnerability in Apple Safari 5.1.2 with plug-ins leading to arbitrary code execution

Use-after-free vulnerability in Apple Safari 5.1.2 with plug-ins leading to arbitrary code execution

CVE-2011-3845 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

Learn more about our Web App Pen Testing.