What is CVE-2011-3230?

CVE-2011-3230 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2011-10-14.

Is CVE-2011-3230 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apple Mac_os_x

CVE-2011-3230

Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.

EPSS: 0.645 (98.5th percentile) — read the EPSS interpretation.

Affected products

Apple Mac_os_x
Apple Mac_os_x_server
Apple Safari — versions 1.0, 1.0.0, 1.0.0b1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

rapid7/metasploit-framework

References

apple-safari-code-exec(70567) (vdb-entry, x_refsource_XF)
APPLE-SA-2011-10-12-4 (vendor-advisory, x_refsource_APPLE, Vendor Advisory)
76389 (x_refsource_OSVDB, vdb-entry)
product-security@apple.com (x_refsource_CONFIRM, Vendor Advisory)
50162 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2011-3230?: CVE-2011-3230 is a vulnerability in Apple Mac_os_x, classified under CWE-264. Published 2011-10-14.
Is CVE-2011-3230 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.