10

CVE-2010-1119

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version <= 4.0.5
   MicrosoftWindows
AppleSafari Version1.0
   MicrosoftWindows
AppleSafari Version1.0 Updatebeta
   MicrosoftWindows
AppleSafari Version1.0 Updatebeta2
   MicrosoftWindows
AppleSafari Version1.0.0
   MicrosoftWindows
AppleSafari Version1.0.0b1
   MicrosoftWindows
AppleSafari Version1.0.0b2
   MicrosoftWindows
AppleSafari Version1.0.1
   MicrosoftWindows
AppleSafari Version1.0.2
   MicrosoftWindows
AppleSafari Version1.0.3
   MicrosoftWindows
AppleSafari Version1.0.3 Update85.8
   MicrosoftWindows
AppleSafari Version1.0.3 Update85.8.1
   MicrosoftWindows
AppleSafari Version1.1
   MicrosoftWindows
AppleSafari Version1.1.0
   MicrosoftWindows
AppleSafari Version1.1.1
   MicrosoftWindows
AppleSafari Version1.2
   MicrosoftWindows
AppleSafari Version1.2.0
   MicrosoftWindows
AppleSafari Version1.2.1
   MicrosoftWindows
AppleSafari Version1.2.2
   MicrosoftWindows
AppleSafari Version1.2.3
   MicrosoftWindows
AppleSafari Version1.2.4
   MicrosoftWindows
AppleSafari Version1.2.5
   MicrosoftWindows
AppleSafari Version1.3
   MicrosoftWindows
AppleSafari Version1.3.0
   MicrosoftWindows
AppleSafari Version1.3.1
   MicrosoftWindows
AppleSafari Version1.3.2
   MicrosoftWindows
AppleSafari Version1.3.2 Update312.5
   MicrosoftWindows
AppleSafari Version1.3.2 Update312.6
   MicrosoftWindows
AppleSafari Version2
   MicrosoftWindows
AppleSafari Version2.0
   MicrosoftWindows
AppleSafari Version2.0.0
   MicrosoftWindows
AppleSafari Version2.0.1
   MicrosoftWindows
AppleSafari Version2.0.2
   MicrosoftWindows
AppleSafari Version2.0.3
   MicrosoftWindows
AppleSafari Version2.0.3 Update417.8
   MicrosoftWindows
AppleSafari Version2.0.3 Update417.9
   MicrosoftWindows
AppleSafari Version2.0.3 Update417.9.2
   MicrosoftWindows
AppleSafari Version2.0.3 Update417.9.3
   MicrosoftWindows
AppleSafari Version2.0.4
   MicrosoftWindows
AppleSafari Version3
   MicrosoftWindows
AppleSafari Version3.0
   MicrosoftWindows
AppleSafari Version3.0.0
   MicrosoftWindows
AppleSafari Version3.0.0b
   MicrosoftWindows
AppleSafari Version3.0.1
   MicrosoftWindows
AppleSafari Version3.0.1 Updatebeta
   MicrosoftWindows
AppleSafari Version3.0.1b
   MicrosoftWindows
AppleSafari Version3.0.2
   MicrosoftWindows
AppleSafari Version3.0.2b
   MicrosoftWindows
AppleSafari Version3.0.3
   MicrosoftWindows
AppleSafari Version3.0.3b
   MicrosoftWindows
AppleSafari Version3.0.4
   MicrosoftWindows
AppleSafari Version3.0.4b
   MicrosoftWindows
AppleSafari Version3.1
   MicrosoftWindows
AppleSafari Version3.1.0
   MicrosoftWindows
AppleSafari Version3.1.0b
   MicrosoftWindows
AppleSafari Version3.1.1
   MicrosoftWindows
AppleSafari Version3.1.2
   MicrosoftWindows
AppleSafari Version3.2.0
   MicrosoftWindows
AppleSafari Version3.2.1
   MicrosoftWindows
AppleSafari Version3.2.2
   MicrosoftWindows
AppleSafari Version3.2.3
   MicrosoftWindows
AppleSafari Version4.0
   MicrosoftWindows
AppleSafari Version4.0 Updatebeta
   MicrosoftWindows
AppleSafari Version4.0.0b
   MicrosoftWindows
AppleSafari Version4.0.1
   MicrosoftWindows
AppleSafari Version4.0.2
   MicrosoftWindows
AppleSafari Version4.0.3
   MicrosoftWindows
AppleSafari Version4.0.4
   MicrosoftWindows
AppleSafari Version4.1
   MicrosoftWindows
ApplemacOS X Version10.5
   MicrosoftWindows
ApplemacOS X Version10.5.0
   MicrosoftWindows
ApplemacOS X Version10.5.1
   MicrosoftWindows
ApplemacOS X Version10.5.2
   MicrosoftWindows
ApplemacOS X Version10.5.3
   MicrosoftWindows
ApplemacOS X Version10.5.4
   MicrosoftWindows
ApplemacOS X Version10.5.5
   MicrosoftWindows
ApplemacOS X Version10.5.6
   MicrosoftWindows
ApplemacOS X Version10.5.7
   MicrosoftWindows
ApplemacOS X Version10.5.8
   MicrosoftWindows
ApplemacOS X Version10.6.0
   MicrosoftWindows
ApplemacOS X Server Version10.5.0
   MicrosoftWindows
ApplemacOS X Server Version10.5.1
   MicrosoftWindows
ApplemacOS X Server Version10.5.2
   MicrosoftWindows
ApplemacOS X Server Version10.5.3
   MicrosoftWindows
ApplemacOS X Server Version10.5.4
   MicrosoftWindows
ApplemacOS X Server Version10.5.5
   MicrosoftWindows
ApplemacOS X Server Version10.5.6
   MicrosoftWindows
ApplemacOS X Server Version10.5.7
   MicrosoftWindows
ApplemacOS X Server Version10.5.8
   MicrosoftWindows
ApplemacOS X Server Version10.6.0
   MicrosoftWindows
ApplemacOS X Server Version10.6.1
   MicrosoftWindows
ApplemacOS X Server Version10.6.2
   MicrosoftWindows
ApplemacOS X Server Version10.6.3
   MicrosoftWindows
ApplemacOS X Server Version10.6.4
   MicrosoftWindows
AppleiPhone OS Version2.0
AppleiPhone OS Version2.0.0
AppleiPhone OS Version2.0.1
AppleiPhone OS Version2.0.2
AppleiPhone OS Version2.1
AppleiPhone OS Version2.1.1
AppleiPhone OS Version2.2
AppleiPhone OS Version2.2.1
AppleiPhone OS Version3.0
AppleiPhone OS Version3.0.1
AppleiPhone OS Version3.1
AppleiPhone OS Version3.1.2
AppleiPhone OS Version3.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 19.02% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
Vendor Advisory
http://support.apple.com/kb/HT4225
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
Patch
Vendor Advisory
http://secunia.com/advisories/40105
Vendor Advisory
http://secunia.com/advisories/40196
Vendor Advisory
http://support.apple.com/kb/HT4196
Vendor Advisory
http://support.apple.com/kb/HT4220
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1373
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1512
Vendor Advisory
http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010
http://news.cnet.com/8301-27080_3-20001126-245.html
http://securityreason.com/securityalert/8128
http://securitytracker.com/id?1024067
http://twitter.com/thezdi/statuses/11001080021
http://www.securityfocus.com/bid/40620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7037