WebKit WBR Tag Removal Code Execution Vulnerability
The information has been provided by Vupen Security.
The original article can be found at: http://www.zerodayinitiative.com/advisories/ZDI-11-135/
* WebKit
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the way the WebKit library handles WBR tags on a web page. By adding children to a WBR tag and then removing the tag, for example through a ‘removeChild’ call, it is possible to create a dangling pointer that can result in remote code execution in the context of the current user.
Google patch on March 12, 2011:
2011-03-31 – Vulnerability reported to vendor
2011-04-14 – Coordinated public release of advisory