CVE-2010-1179 - Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service

CVE-2010-1179

Summary

Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large integer in the numcolors attribute of a recolorinfo element in a VML file, possibly a related issue to CVE-2007-0024.

References

Vulnerable Configurations

cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:-:ipodtouch:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:3.1.3:-:ipodtouch:*:*:*:*:*

CVSS

Base:	9.3 (as of 30-03-2010 - 04:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	38990
exploit-db	11890
misc	http://nishantdaspatnaik.yolasite.com/ipodpoc4.php

Last major update

30-03-2010 - 04:00

Published

29-03-2010 - 19:30

Last modified

30-03-2010 - 04:00