What is CVE-2011-1774?

CVE-2011-1774 is a vulnerability in Apple Mac_os_x, classified under Improper Input Validation. Published 2011-07-21.

Is CVE-2011-1774 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apple Mac_os_x

CVE-2011-1774

WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.762 (98.9th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x — versions 10.5.8, 10.6.8, 10.6.9
Apple Mac_os_x_server — versions 10.5.8, 10.6.8, 10.6.9
Apple Safari — versions 1.0, 1.0.0, 1.0.0b1
Apple Webkit
Microsoft Windows_7
Microsoft Windows_vista
Microsoft Windows_xp
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

8481 (x_refsource_SREASON, third-party-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
APPLE-SA-2011-10-12-1 (vendor-advisory, x_refsource_APPLE)
APPLE-SA-2011-10-11-1 (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
APPLE-SA-2011-07-20-1 (vendor-advisory, x_refsource_APPLE, Patch, Vendor Advisory)

Frequently asked questions

What is CVE-2011-1774?: CVE-2011-1774 is a vulnerability in Apple Mac_os_x, classified under Improper Input Validation. Published 2011-07-21.
Is CVE-2011-1774 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.