CVE-2014-1297

WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read arbitrary files by leveraging WebProcess access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
applesafari
𝑥
≤ 6.1.2
applesafari
6.0
applesafari
6.0.1
applesafari
6.0.2
applesafari
6.0.3
applesafari
6.0.4
applesafari
6.0.5
applesafari
6.1
applesafari
6.1.1
applesafari
7.0
applesafari
7.0.1
applesafari
7.0.2
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qtwebkit-opensource-src
yakkety
ignored
xenial
ignored
wily
ignored
vivid
ignored
trusty
dne
precise
dne
qtwebkit-source
yakkety
ignored
xenial
ignored
wily
ignored
vivid
ignored
trusty
dne
precise
ignored
webkit
yakkety
dne
xenial
dne
wily
dne
vivid
dne
trusty
dne
precise
ignored
webkitgtk
yakkety
not-affected
xenial
not-affected
wily
not-affected
vivid
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0009.html