ID CVE-2010-1806
Summary Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
References
Vulnerable Configurations
  • Apple Safari 4.0.0b
    cpe:2.3:a:apple:safari:4.0.0b
  • Apple Safari 4.0
    cpe:2.3:a:apple:safari:4.0
  • Apple Safari 4.0.1
    cpe:2.3:a:apple:safari:4.0.1
  • Apple Safari 4.0.2
    cpe:2.3:a:apple:safari:4.0.2
  • Apple Safari 4.0.3
    cpe:2.3:a:apple:safari:4.0.3
  • Apple Safari 4.0.4
    cpe:2.3:a:apple:safari:4.0.4
  • Apple Safari 4.0.5
    cpe:2.3:a:apple:safari:4.0.5
  • Apple Safari 4.1
    cpe:2.3:a:apple:safari:4.1
  • Apple Safari 5.0
    cpe:2.3:a:apple:safari:5.0
  • Apple Safari 5.0.1
    cpe:2.3:a:apple:safari:5.0.1
CVSS
Base: 9.3 (as of 13-09-2010 - 15:02)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI5_0_2.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 5.0.2 / 4.1.2. As such, it is potentially affected by several issues in the following component: WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 49143
    published 2010-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49143
    title Mac OS X : Apple Safari < 5.0.2 / 4.1.2
  • NASL family Windows
    NASL id SAFARI_5_0_2.NASL
    description The version of Safari installed on the remote Windows host is earlier than 5.0.2. Such versions are potentially affected by several issues in the following components: Safari, WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 49144
    published 2010-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49144
    title Safari < 5.0.2 Multiple Vulnerabilities
oval via4
accepted 2013-11-04T04:00:09.918-05:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
family windows
id oval:org.mitre.oval:def:11729
status accepted
submitted 2010-09-10T17:30:00.000-05:00
title WebKit Element Run-In Styling Use-After-Free Remote Code Execution Vulnerability
version 10
refmap via4
apple
  • APPLE-SA-2010-09-07-1
  • APPLE-SA-2010-11-22-1
bid 43049
confirm
secunia 42314
vupen ADV-2010-3046
Last major update 18-07-2011 - 22:37
Published 10-09-2010 - 15:00
Last modified 18-09-2017 - 21:30