ID CVE-2010-1749
Summary Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
References
Vulnerable Configurations
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X Server 10.5
    cpe:2.3:o:apple:mac_os_x_server:10.5
  • Apple Mac OS X Server 10.5.0
    cpe:2.3:o:apple:mac_os_x_server:10.5.0
  • Apple Mac OS X Server 10.5.1
    cpe:2.3:o:apple:mac_os_x_server:10.5.1
  • Apple Mac OS X Server 10.5.2
    cpe:2.3:o:apple:mac_os_x_server:10.5.2
  • Apple Mac OS X Server 10.5.3
    cpe:2.3:o:apple:mac_os_x_server:10.5.3
  • Apple Mac OS X Server 10.5.4
    cpe:2.3:o:apple:mac_os_x_server:10.5.4
  • Apple Mac OS X Server 10.5.5
    cpe:2.3:o:apple:mac_os_x_server:10.5.5
  • Apple Mac OS X Server 10.5.6
    cpe:2.3:o:apple:mac_os_x_server:10.5.6
  • Apple Mac OS X Server 10.5.7
    cpe:2.3:o:apple:mac_os_x_server:10.5.7
  • Apple Mac OS X Server 10.5.8
    cpe:2.3:o:apple:mac_os_x_server:10.5.8
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.4.0
    cpe:2.3:o:apple:mac_os_x_server:10.4.0
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
  • Apple Mac OS X Server 10.4.2
    cpe:2.3:o:apple:mac_os_x_server:10.4.2
  • Apple Mac OS X Server 10.4.3
    cpe:2.3:o:apple:mac_os_x_server:10.4.3
  • Apple Mac OS X Server 10.4.4
    cpe:2.3:o:apple:mac_os_x_server:10.4.4
  • Apple Mac OS X Server 10.4.5
    cpe:2.3:o:apple:mac_os_x_server:10.4.5
  • Apple Mac OS X Server 10.4.6
    cpe:2.3:o:apple:mac_os_x_server:10.4.6
  • Apple Mac OS X Server 10.4.7
    cpe:2.3:o:apple:mac_os_x_server:10.4.7
  • Apple Mac OS X Server 10.4.8
    cpe:2.3:o:apple:mac_os_x_server:10.4.8
  • Apple Mac OS X Server 10.4.9
    cpe:2.3:o:apple:mac_os_x_server:10.4.9
  • Apple Mac OS X Server 10.4.10
    cpe:2.3:o:apple:mac_os_x_server:10.4.10
  • Apple Mac OS X Server 10.4.11
    cpe:2.3:o:apple:mac_os_x_server:10.4.11
CVSS
Base: 9.3 (as of 14-06-2010 - 17:03)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBWEBKIT-110111.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53764
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53764
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBWEBKIT-110104.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75629
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75629
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family Windows
    NASL id ITUNES_9_2.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 9.2. As such, it may be affected by multiple vulnerabilities : - A heap-based buffer overflow in the handling of images with an embedded ColorSync profile may lead to an application crash or arbitrary code execution. (CVE-2009-1726) - Multiple integer overflows in ImageIO's handling of TIFF files may lead to an application crash or arbitrary code execution. (CVE-2010-1411) - Multiple vulnerabilities WebKit may have a variety of effects, including arbitrary code execution. (CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 47037
    published 2010-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47037
    title Apple iTunes < 9.2 Multiple Vulnerabilities (credentialed check)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_9_2_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 9.2. It is, therefore, affected by multiple vulnerabilities : - A heap-based buffer overflow vulnerability exists in the handling of images with an embedded ColorSync profile. By using a specially crafted image, a remote attacker can exploit this to cause a denial of service or execute arbitrary code. (CVE-2009-1726) - Multiple integer overflow vulnerabilities exist in ImageIO's handling of TIFF files. By using a specially crafted TIFF file, a remote attacker can exploit these to cause a denial of service or execute arbitrary code. (CVE-2010-1411) - The WebKit component contains multiple vulnerabilities that can be exploited, including the execution of arbitrary code. (CVE-2010-0544, CVE-2010-1119, CVE-2010-1387, CVE-2010-1390, CVE-2010-1392, CVE-2010-1393, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1749, CVE-2010-1758, CVE-2010-1759, CVE-2010-1761, CVE-2010-1763, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1774)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 47038
    published 2010-06-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47038
    title Apple iTunes < 9.2 Multiple Vulnerabilities (uncredentialed check)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI5_0.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0 / 4.1. As such, it is potentially affected by numerous issues in the following components : - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 46837
    published 2010-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46837
    title Mac OS X : Apple Safari < 5.0 / 4.1
  • NASL family Windows
    NASL id SAFARI_5_0.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0. As such, it is potentially affected by numerous issues in the following components : - ColorSync - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 46838
    published 2010-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46838
    title Safari < 5.0 Multiple Vulnerabilities
oval via4
accepted 2013-12-30T04:01:04.544-05:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the Cascading Style Sheets (CSS) run-in property and multiple invocations of a destructor for a child element that has been referenced multiple times.
family windows
id oval:org.mitre.oval:def:7180
status accepted
submitted 2010-06-08T17:30:00.000-05:00
title WebKit SVG 'RadialGradient' Attribute Remote Code Execution Vulnerability
version 14
refmap via4
apple
  • APPLE-SA-2010-06-07-1
  • APPLE-SA-2010-06-16-1
bid 40620
bugtraq 20100608 ZDI-10-101: Apple Webkit SVG RadialGradiant Run-in Remote Code Execution Vulnerability
confirm
misc http://www.zerodayinitiative.com/advisories/ZDI-10-101
sectrack 1024067
secunia
  • 40105
  • 40196
  • 43068
suse SUSE-SR:2011:002
vupen
  • ADV-2010-1373
  • ADV-2010-1512
  • ADV-2011-0212
Last major update 17-02-2011 - 00:00
Published 11-06-2010 - 14:00
Last modified 10-10-2018 - 15:57
Back to Top