Lucene search

[email protected]CVE-2010-0647

HistoryFeb 18, 2010 - 6:00 p.m.

CVE-2010-0647

2010-02-1818:00:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2010-0647

webkit

remote code execution

ruby element

google chrome

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.2 High

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.6%

JSON

WebKit before r53525, as used in Google Chrome before 4.0.249.89, allows remote attackers to execute arbitrary code in the Chrome sandbox via a malformed RUBY element, as demonstrated by a <ruby>><table><rt> sequence.

Affected configurations

NVD

Node

applewebkitRange≤r53475

AND

googlechromeRange≤4.0.249.78

googlechromeMatch0.2.149.27

googlechromeMatch0.2.149.29

googlechromeMatch0.2.149.30

googlechromeMatch0.2.152.1

googlechromeMatch0.2.153.1

googlechromeMatch0.3.154.0

googlechromeMatch0.3.154.3

googlechromeMatch0.4.154.18

googlechromeMatch0.4.154.22

googlechromeMatch0.4.154.31

googlechromeMatch0.4.154.33

googlechromeMatch1.0.154.36

googlechromeMatch1.0.154.39

googlechromeMatch1.0.154.42

googlechromeMatch1.0.154.43

googlechromeMatch1.0.154.46

googlechromeMatch1.0.154.48

googlechromeMatch1.0.154.52

googlechromeMatch1.0.154.53

googlechromeMatch1.0.154.59

googlechromeMatch1.0.154.65

googlechromeMatch2.0.156.1

googlechromeMatch2.0.157.0

googlechromeMatch2.0.157.2

googlechromeMatch2.0.158.0

googlechromeMatch2.0.159.0

googlechromeMatch2.0.169.0

googlechromeMatch2.0.169.1

googlechromeMatch2.0.170.0

googlechromeMatch2.0.172

googlechromeMatch2.0.172.2

googlechromeMatch2.0.172.8

googlechromeMatch2.0.172.27

googlechromeMatch2.0.172.28

googlechromeMatch2.0.172.30

googlechromeMatch2.0.172.31

googlechromeMatch2.0.172.33

googlechromeMatch2.0.172.37

googlechromeMatch2.0.172.38

googlechromeMatch3.0.182.2

googlechromeMatch3.0.190.2

googlechromeMatch3.0.193.2beta

googlechromeMatch3.0.195.21

googlechromeMatch3.0.195.24

googlechromeMatch3.0.195.32

googlechromeMatch3.0.195.33

googlechromeMatch4.0.244.0

CPENameOperatorVersion
apple:webkitapple webkitler53475
google:chromegoogle chromele4.0.249.78
google:chromegoogle chromeeq0.2.149.27
google:chromegoogle chromeeq0.2.149.29
google:chromegoogle chromeeq0.2.149.30
google:chromegoogle chromeeq0.2.152.1
google:chromegoogle chromeeq0.2.153.1
google:chromegoogle chromeeq0.3.154.0
google:chromegoogle chromeeq0.3.154.3
google:chromegoogle chromeeq0.4.154.18

CPE	Name	Operator	Version
apple:webkit	apple webkit	le	r53475
google:chrome	google chrome	le	4.0.249.78
google:chrome	google chrome	eq	0.2.149.27
google:chrome	google chrome	eq	0.2.149.29
google:chrome	google chrome	eq	0.2.149.30
google:chrome	google chrome	eq	0.2.152.1
google:chrome	google chrome	eq	0.2.153.1
google:chrome	google chrome	eq	0.3.154.0
google:chrome	google chrome	eq	0.3.154.3
google:chrome	google chrome	eq	0.4.154.18

Rows per page:

1-10 of 491

References

code.google.com/p/chromium/issues/detail?id=31692

googlechromereleases.blogspot.com/2010/02/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/38545

secunia.com/advisories/41856

secunia.com/advisories/43068

securitytracker.com/id?1023583

sites.google.com/a/chromium.org/dev/Home/chromium-security/chromium-security-bugs

trac.webkit.org/changeset/53525

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.osvdb.org/62317

www.securityfocus.com/bid/38177

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/0361

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

bugs.webkit.org/show_bug.cgi?id=33266

exchange.xforce.ibmcloud.com/vulnerabilities/56214

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14094

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

9.2 High

AI Score

Confidence

High

0.061 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2010-0647

prion1 nvd1 ubuntucve1 debiancve1 cvelist1 openvas5 nessus5