Vulnerability Report

CVE-2011-1425

Title: Apple Webkit

Other

Proof Of Concept

PoC Available for CVE-2011-1425

CWE Category CWE-264
Published Date Apr 04, 2011
Modified Date Jun 16, 2026
Exploit Status Available
Score 5.1 CVSS v2.0
Exploit Probability (EPSS)
8.06%

Vulnerability Summary

CVE-2011-1425: xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in WebKit and other products, when XSLT is enabled, allows remote attackers to create or overwrite arbitrary files via vectors involving the libxslt output extension and a ds:Transform element during signature verification.

Impacted Vendors

Reference Links

http://git.gnome.org/browse/xmlsec/commit/?id=2d5eddcc4163ea050cf3a3a1a25452bb5124f780
http://git.gnome.org/browse/xmlsec/commit/?id=35eaacde6093d6711339754fc2146341b8b9f5fa
http://secunia.com/advisories/43920
http://secunia.com/advisories/44167
http://secunia.com/advisories/44423
http://trac.webkit.org/changeset/79159
http://www.aleksey.com/pipermail/xmlsec/2011/009120.html
http://www.debian.org/security/2011/dsa-2219
http://www.mandriva.com/security/advisories?name=MDVSA-2011:063
http://www.redhat.com/support/errata/RHSA-2011-0486.html
http://www.securityfocus.com/bid/47135
http://www.securitytracker.com/id?1025284
http://www.vupen.com/english/advisories/2011/0855
http://www.vupen.com/english/advisories/2011/0858
http://www.vupen.com/english/advisories/2011/1010
http://www.vupen.com/english/advisories/2011/1172
https://bugs.webkit.org/show_bug.cgi?id=52688
https://bugzilla.redhat.com/show_bug.cgi?id=692133
https://exchange.xforce.ibmcloud.com/vulnerabilities/66506

CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
5.1
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:H/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2011-1425 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/17993
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.