ID CVE-2010-1806
Summary Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
References
Vulnerable Configurations
  • cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apple:safari:5.0.1:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
  • Vector NETWORK
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-11-04T04:00:09.918-05:00
class vulnerability
contributors
  • name J. Daniel Brown
    organization DTCC
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.
family windows
id oval:org.mitre.oval:def:11729
status accepted
submitted 2010-09-10T17:30:00.000-05:00
title WebKit Element Run-In Styling Use-After-Free Remote Code Execution Vulnerability
version 10
refmap via4
apple
  • APPLE-SA-2010-09-07-1
  • APPLE-SA-2010-11-22-1
bid 43049
confirm
secunia 42314
vupen ADV-2010-3046
Last major update 19-09-2017 - 01:30
Published 10-09-2010 - 19:00