Lucene search

[email protected]CVE-2010-1770

HistoryJun 11, 2010 - 7:30 p.m.

CVE-2010-1770

2010-06-1119:30:20

CWE-94

[email protected]

web.nvd.nist.gov

cve

webkit

apple safari

google chrome

remote code execution

memory corruption

application crash

type checking issue

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.7 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

JSON

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a “type checking issue.”

Affected configurations

NVD

Node

applesafariRange≤4.0.5

applewebkit

AND

applemac_os_xMatch10.5

applemac_os_xMatch10.5.0

applemac_os_xMatch10.5.1

applemac_os_xMatch10.5.2

applemac_os_xMatch10.5.3

applemac_os_xMatch10.5.4

applemac_os_xMatch10.5.5

applemac_os_xMatch10.5.6

applemac_os_xMatch10.5.7

applemac_os_xMatch10.5.8

applemac_os_xMatch10.6.0

applemac_os_xMatch10.6.1

applemac_os_xMatch10.6.2

applemac_os_xMatch10.6.3

applemac_os_x_serverMatch10.5

applemac_os_x_serverMatch10.5.0

applemac_os_x_serverMatch10.5.1

applemac_os_x_serverMatch10.5.2

applemac_os_x_serverMatch10.5.3

applemac_os_x_serverMatch10.5.4

applemac_os_x_serverMatch10.5.5

applemac_os_x_serverMatch10.5.6

applemac_os_x_serverMatch10.5.7

applemac_os_x_serverMatch10.5.8

applemac_os_x_serverMatch10.6.0

applemac_os_x_serverMatch10.6.1

applemac_os_x_serverMatch10.6.2

applemac_os_x_serverMatch10.6.3

microsoftwindows_7

microsoftwindows_vista

microsoftwindows_xpsp2

microsoftwindows_xpsp3

Node

applesafariRange≤4.0.5

applewebkit

AND

applemac_os_xMatch10.4

applemac_os_xMatch10.4.0

applemac_os_xMatch10.4.1

applemac_os_xMatch10.4.2

applemac_os_xMatch10.4.3

applemac_os_xMatch10.4.4

applemac_os_xMatch10.4.5

applemac_os_xMatch10.4.6

applemac_os_xMatch10.4.7

applemac_os_xMatch10.4.8

applemac_os_xMatch10.4.9

applemac_os_xMatch10.4.10

applemac_os_xMatch10.4.11

applemac_os_x_serverMatch10.4

applemac_os_x_serverMatch10.4.0

applemac_os_x_serverMatch10.4.1

applemac_os_x_serverMatch10.4.2

applemac_os_x_serverMatch10.4.3

applemac_os_x_serverMatch10.4.4

applemac_os_x_serverMatch10.4.5

applemac_os_x_serverMatch10.4.6

applemac_os_x_serverMatch10.4.7

applemac_os_x_serverMatch10.4.8

applemac_os_x_serverMatch10.4.9

applemac_os_x_serverMatch10.4.10

applemac_os_x_serverMatch10.4.11

Node

googlechromeRange<5.0.375.70

Node

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch10.04.4lts

canonicalubuntu_linuxMatch10.10

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

susesuse_linux_enterprise_desktopMatch10sp3

susesuse_linux_enterprise_desktopMatch11sp1

susesuse_linux_enterprise_serverMatch10sp3

susesuse_linux_enterprise_serverMatch11sp1

CPENameOperatorVersion
apple:safariapple safarile4.0.5
apple:webkitapple webkiteq*

CPE	Name	Operator	Version
apple:safari	apple safari	le	4.0.5
apple:webkit	apple webkit	eq	*

References

code.google.com/p/chromium/issues/detail?id=43487

googlechromereleases.blogspot.com/2010/06/stable-channel-update.html

lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2010//Sep/msg00002.html

lists.apple.com/archives/security-announce/2010/Jun/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40072

secunia.com/advisories/40105

secunia.com/advisories/40196

secunia.com/advisories/41856

secunia.com/advisories/42314

secunia.com/advisories/43068

securitytracker.com/id?1024067

support.apple.com/kb/HT4196

support.apple.com/kb/HT4220

support.apple.com/kb/HT4334

support.apple.com/kb/HT4456

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/40620

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/1373

www.vupen.com/english/advisories/2010/1512

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

zerodayinitiative.com/advisories/ZDI-10-093/

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7099

Social References

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.7 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

JSON

Related for CVE-2010-1770

checkpoint_advisories1 zdi1 nvd1 debiancve1 ubuntucve1 securityvulns3 prion1 cvelist1 openvas25 fedora8 nessus16 freebsd1