9.3

CVE-2010-1807

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version4.0
AppleSafari Version4.0 Updatebeta
AppleSafari Version4.0.0b
AppleSafari Version4.0.1
AppleSafari Version4.0.2
AppleSafari Version4.0.3
AppleSafari Version4.0.4
AppleSafari Version4.0.5
AppleSafari Version4.1
AppleSafari Version4.1.1
AppleSafari Version5.0
AppleSafari Version5.0.1
GoogleAndroid Version <= 2.1
GoogleAndroid Version1.0
GoogleAndroid Version1.1
GoogleAndroid Version1.5
GoogleAndroid Version1.6
GoogleAndroid Version2.0
WebkitgtkWebkitgtk Version <= 1.2.5
WebkitgtkWebkitgtk Version1.2.0
WebkitgtkWebkitgtk Version1.2.1
WebkitgtkWebkitgtk Version1.2.2
WebkitgtkWebkitgtk Version1.2.3
WebkitgtkWebkitgtk Version1.2.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 61.32% 0.99
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/43068
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0212
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://secunia.com/advisories/42314
http://support.apple.com/kb/HT4456
http://www.vupen.com/english/advisories/2010/3046
Vendor Advisory
http://secunia.com/advisories/41856
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
http://www.ubuntu.com/usn/USN-1006-1
http://www.vupen.com/english/advisories/2010/2722
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0552
Vendor Advisory
http://secunia.com/advisories/43086
Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2011-0177.html
http://www.vupen.com/english/advisories/2011/0216
Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html
Vendor Advisory
http://support.apple.com/kb/HT4333
Vendor Advisory
http://trac.webkit.org/changeset/64706
http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack
http://www.securityfocus.com/bid/43047
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=627703
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964