VYPR
Unrated severityNVD Advisory· Published Mar 8, 2012· Updated Jun 16, 2026

CVE-2011-3845

CVE-2011-3845

Description

Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in with a blocking function is installed, allows user-assisted remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in, leading to improper coordination between an API call and the plug-in unloading functionality, as demonstrated by the Adobe Flash and RealPlayer plug-ins.

Affected products

2
  • Apple Inc./Safari2 versions
    cpe:2.3:a:apple:safari:5.1.2:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:apple:safari:5.1.2:*:*:*:*:*:*:*
    • (no CPE)range: =5.1.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.