ID CVE-2010-1791
Summary Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
References
Vulnerable Configurations
  • Apple Safari 5.0
    cpe:2.3:a:apple:safari:5.0
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.5.0
    cpe:2.3:o:apple:mac_os_x:10.5.0
  • Apple Mac OS X 10.5
    cpe:2.3:o:apple:mac_os_x:10.5
  • Apple Mac OS X 10.5.1
    cpe:2.3:o:apple:mac_os_x:10.5.1
  • Apple Mac OS X 10.5.2
    cpe:2.3:o:apple:mac_os_x:10.5.2
  • Apple Mac OS X 10.5.3
    cpe:2.3:o:apple:mac_os_x:10.5.3
  • Apple Mac OS X 10.5.4
    cpe:2.3:o:apple:mac_os_x:10.5.4
  • Apple Mac OS X 10.5.5
    cpe:2.3:o:apple:mac_os_x:10.5.5
  • Apple Mac OS X 10.5.6
    cpe:2.3:o:apple:mac_os_x:10.5.6
  • Apple Mac OS X 10.5.7
    cpe:2.3:o:apple:mac_os_x:10.5.7
  • Apple Mac OS X 10.5.8
    cpe:2.3:o:apple:mac_os_x:10.5.8
  • Apple Mac OS X 10.6.0
    cpe:2.3:o:apple:mac_os_x:10.6.0
  • Apple Mac OS X 10.6.1
    cpe:2.3:o:apple:mac_os_x:10.6.1
  • Apple Mac OS X 10.6.2
    cpe:2.3:o:apple:mac_os_x:10.6.2
  • Apple Mac OS X Server 10.5
    cpe:2.3:o:apple:mac_os_x_server:10.5
  • Apple Mac OS X Server 10.5.0
    cpe:2.3:o:apple:mac_os_x_server:10.5.0
  • Apple Mac OS X Server 10.5.1
    cpe:2.3:o:apple:mac_os_x_server:10.5.1
  • Apple Mac OS X Server 10.5.2
    cpe:2.3:o:apple:mac_os_x_server:10.5.2
  • Apple Mac OS X Server 10.5.3
    cpe:2.3:o:apple:mac_os_x_server:10.5.3
  • Apple Mac OS X Server 10.5.4
    cpe:2.3:o:apple:mac_os_x_server:10.5.4
  • Apple Mac OS X Server 10.5.5
    cpe:2.3:o:apple:mac_os_x_server:10.5.5
  • Apple Mac OS X Server 10.5.6
    cpe:2.3:o:apple:mac_os_x_server:10.5.6
  • Apple Mac OS X Server 10.5.7
    cpe:2.3:o:apple:mac_os_x_server:10.5.7
  • Apple Mac OS X Server 10.5.8
    cpe:2.3:o:apple:mac_os_x_server:10.5.8
  • Apple Mac OS X Server 10.6.0
    cpe:2.3:o:apple:mac_os_x_server:10.6.0
  • Apple Mac OS X Server 10.6.1
    cpe:2.3:o:apple:mac_os_x_server:10.6.1
  • Apple Mac OS X Server 10.6.2
    cpe:2.3:o:apple:mac_os_x_server:10.6.2
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
  • Microsoft Windows XP Service Pack 3
    cpe:2.3:o:microsoft:windows_xp:-:sp3
  • Microsoft Windows Vista
    cpe:2.3:o:microsoft:windows_vista
  • Microsoft Windows 7
    cpe:2.3:o:microsoft:windows_7
  • Apple Mac OS X 10.6.3
    cpe:2.3:o:apple:mac_os_x:10.6.3
  • Apple Mac OS X 10.6.4
    cpe:2.3:o:apple:mac_os_x:10.6.4
  • Apple Mac OS X Server 10.6.3
    cpe:2.3:o:apple:mac_os_x_server:10.6.3
  • Apple Mac OS X Server 10.6.4
    cpe:2.3:o:apple:mac_os_x_server:10.6.4
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple Safari 4.1
    cpe:2.3:a:apple:safari:4.1
  • Apple WebKit
    cpe:2.3:a:apple:webkit
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.0
    cpe:2.3:o:apple:mac_os_x:10.4.0
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
  • Apple Mac OS X 10.4.3
    cpe:2.3:o:apple:mac_os_x:10.4.3
  • Apple Mac OS X 10.4.4
    cpe:2.3:o:apple:mac_os_x:10.4.4
  • Apple Mac OS X 10.4.5
    cpe:2.3:o:apple:mac_os_x:10.4.5
  • Apple Mac OS X 10.4.6
    cpe:2.3:o:apple:mac_os_x:10.4.6
  • Apple Mac OS X 10.4.7
    cpe:2.3:o:apple:mac_os_x:10.4.7
  • Apple Mac OS X 10.4.8
    cpe:2.3:o:apple:mac_os_x:10.4.8
  • Apple Mac OS X 10.4.9
    cpe:2.3:o:apple:mac_os_x:10.4.9
  • Apple Mac OS X 10.4.10
    cpe:2.3:o:apple:mac_os_x:10.4.10
  • Apple Mac OS X 10.4.11
    cpe:2.3:o:apple:mac_os_x:10.4.11
  • Apple Mac OS X Server 10.4
    cpe:2.3:o:apple:mac_os_x_server:10.4
  • Apple Mac OS X Server 10.4.0
    cpe:2.3:o:apple:mac_os_x_server:10.4.0
  • Apple Mac OS X Server 10.4.1
    cpe:2.3:o:apple:mac_os_x_server:10.4.1
  • Apple Mac OS X Server 10.4.2
    cpe:2.3:o:apple:mac_os_x_server:10.4.2
  • Apple Mac OS X Server 10.4.3
    cpe:2.3:o:apple:mac_os_x_server:10.4.3
  • Apple Mac OS X Server 10.4.4
    cpe:2.3:o:apple:mac_os_x_server:10.4.4
  • Apple Mac OS X Server 10.4.5
    cpe:2.3:o:apple:mac_os_x_server:10.4.5
  • Apple Mac OS X Server 10.4.6
    cpe:2.3:o:apple:mac_os_x_server:10.4.6
  • Apple Mac OS X Server 10.4.7
    cpe:2.3:o:apple:mac_os_x_server:10.4.7
  • Apple Mac OS X Server 10.4.8
    cpe:2.3:o:apple:mac_os_x_server:10.4.8
  • Apple Mac OS X Server 10.4.9
    cpe:2.3:o:apple:mac_os_x_server:10.4.9
  • Apple Mac OS X Server 10.4.10
    cpe:2.3:o:apple:mac_os_x_server:10.4.10
  • Apple Mac OS X Server 10.4.11
    cpe:2.3:o:apple:mac_os_x_server:10.4.11
CVSS
Base: 9.3 (as of 02-08-2010 - 15:12)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Windows
    NASL id SAFARI_5_0_1.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0.1. Such versions are potentially affected by numerous issues in the following components : - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 47888
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47888
    title Safari < 5.0.1 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI5_0_1.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0.1 / 4.1.1. As such, it is potentially affected by numerous issues in the following components : - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 47887
    published 2010-07-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47887
    title Mac OS X : Apple Safari < 5.0.1 / 4.1.1
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_06A12E26142E11E0BEA20015F2DB7BDE.NASL
    description Gustavo Noronha Silva reports : The patches to fix the following CVEs are included with help from Huzaifa Sidhpurwala from the Red Hat security team.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 51404
    published 2011-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=51404
    title FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (06a12e26-142e-11e0-bea2-0015f2db7bde)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBWEBKIT-110111.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53764
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53764
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-09.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-09 (Multiple packages, Multiple vulnerabilities fixed in 2011) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. FMOD Studio PEAR Mail LVM2 GnuCash xine-lib Last.fm Scrobbler WebKitGTK+ shadow tool suite PEAR unixODBC Resource Agents mrouted rsync XML Security Library xrdb Vino OProfile syslog-ng sFlow Toolkit GNOME Display Manager libsoup CA Certificates Gitolite QtCreator Racer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2017-04-15
    plugin id 79962
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79962
    title GLSA-201412-09 : Multiple packages, Multiple vulnerabilities fixed in 2011
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-039.NASL
    description Multiple cross-site scripting, denial of service and arbitrary code execution security flaws were discovered in webkit. Please consult the CVE web links for further information. The updated packages have been upgraded to the latest version (1.2.7) to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 52523
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52523
    title Mandriva Linux Security Advisory : webkit (MDVSA-2011:039)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBWEBKIT-110104.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75629
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75629
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family Peer-To-Peer File Sharing
    NASL id ITUNES_10_0_BANNER.NASL
    description The version of Apple iTunes on the remote host is prior to version 10.0. It is, therefore, affected by multiple vulnerabilities in the WebKit component. Note that these only affect WebKit for Windows.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49087
    published 2010-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49087
    title Apple iTunes < 10.0 Multiple Vulnerabilities (uncredentialed check)
  • NASL family Windows
    NASL id ITUNES_10_0.NASL
    description The version of Apple iTunes installed on the remote Windows host is older than 10.0. Such versions are affected by numerous issues in the WebKit component.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 49086
    published 2010-09-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49086
    title Apple iTunes < 10.0 Multiple (credentialed check)
oval via4
accepted 2013-12-30T04:00:08.070-05:00
class vulnerability
contributors
  • name Antu Sanadi
    organization SecPod Technologies
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a JavaScript array index.
family windows
id oval:org.mitre.oval:def:11802
status accepted
submitted 2010-07-31T03:34:03
title error in WebKit in Apple Safari before 5.0.1 related to vectors involving a JavaScript array index.
version 14
refmap via4
apple
  • APPLE-SA-2010-07-28-1
  • APPLE-SA-2010-09-08-1
  • APPLE-SA-2010-11-22-1
bid 42020
confirm
mandriva MDVSA-2011:039
secunia
  • 42314
  • 43068
suse SUSE-SR:2011:002
vupen
  • ADV-2011-0212
  • ADV-2011-0552
Last major update 17-03-2011 - 22:49
Published 30-07-2010 - 16:30
Last modified 18-09-2017 - 21:30
Back to Top