CVE-2010-1807

EPSS 80.55%
Veröffentlicht 10.09.2010 19:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 25

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ Safari Version4.0

Apple ≫ Safari Version4.0 Updatebeta

Apple ≫ Safari Version4.0.0b

Apple ≫ Safari Version4.0.1

Apple ≫ Safari Version4.0.2

Apple ≫ Safari Version4.0.3

Apple ≫ Safari Version4.0.4

Apple ≫ Safari Version4.0.5

Apple ≫ Safari Version4.1

Apple ≫ Safari Version4.1.1

Apple ≫ Safari Version5.0

Apple ≫ Safari Version5.0.1

Google ≫ Android Version <= 2.1

Google ≫ Android Version1.0

Google ≫ Android Version1.1

Google ≫ Android Version1.5

Google ≫ Android Version1.6

Google ≫ Android Version2.0

Webkitgtk ≫ Webkitgtk Version <= 1.2.5

Webkitgtk ≫ Webkitgtk Version1.2.0

Webkitgtk ≫ Webkitgtk Version1.2.1

Webkitgtk ≫ Webkitgtk Version1.2.2

Webkitgtk ≫ Webkitgtk Version1.2.3

Webkitgtk ≫ Webkitgtk Version1.2.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	80.55%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/43068

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://secunia.com/advisories/42314

http://support.apple.com/kb/HT4456

http://www.vupen.com/english/advisories/2010/3046

Vendor Advisory

http://secunia.com/advisories/41856

Vendor Advisory