ID CVE-2010-1939
Summary Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. CWE-416 'Use After Free' http://cwe.mitre.org/data/definitions/416.html
References
Vulnerable Configurations
  • cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 19-09-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-11-11T04:02:17.798-05:00
class vulnerability
contributors
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
definition_extensions
comment Apple Safari is installed
oval oval:org.mitre.oval:def:6325
description Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
family windows
id oval:org.mitre.oval:def:6748
status accepted
submitted 2010-05-17T03:34:03
title Use-after-free vulnerability in Apple Safari 4.0.5
version 10
refmap via4
bid 39990
cert-vn VU#943165
misc
osvdb 64482
sectrack 1023958
secunia 39670
vupen ADV-2010-1097
saint via4
bid 39990
description Apple Safari parent.close() Invalid Pointer Code Execution
id web_client_safari
osvdb 64482
title safari_parent_close_invalid_pointer
type client
Last major update 19-09-2017 - 01:30
Published 13-05-2010 - 22:30
Last modified 19-09-2017 - 01:30