PT-2012-1743 · Adobe+2 · Flash+2

Published: 2012-03-08 · Updated: 2018-01-05 · CVE-2011-3845

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Apple Safari version 5.1.2

Description: The issue is related to a use-after-free vulnerability that occurs when a plug-in with a blocking function is installed. This allows remote attackers to execute arbitrary code via a crafted web page that is accessed during user interaction with the plug-in. The vulnerability is caused by improper coordination between an API call and the plug-in unloading functionality. This has been demonstrated with the Adobe Flash and RealPlayer plug-ins.

Recommendations: For Apple Safari version 5.1.2, consider disabling the use of plug-ins, especially those with blocking functions, until a patch is available. Restrict access to potentially vulnerable API calls to minimize the risk of exploitation. Avoid using the affected Safari version for sensitive tasks until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2011-3845

Affected Products

Flash
RealPlayer
Safari