Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiWushi of team509ZDI-10-093
HistoryJun 08, 2010 - 12:00 a.m.

Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability

2010-06-0800:00:00
wushi of team509
www.zerodayinitiative.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari’s Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within Webkit’s support of character sets. If the IBM1147 character set is applied to a particular element and that element has a text transformation applied to it, the application will attempt to access an object that doesn’t exist in order to perform the transformation. Successful exploitation will lead to code execution under the context of the web-browser.

Related

debiancve 1
securityvulns 3
prion 1
ubuntucve 1
cve 1
checkpoint_advisories 1
openvas 25
fedora 8
nessus 15
freebsd 1
debiancve
debiancve
CVE-2010-1770
2010-06-11 19:30:00
securityvulns
securityvulns
ZDI-10-093: Apple Webkit CSS Charset Text Transformation Remote Code Execution Vulnerability
2010-06-08 00:00:00
Apple Webkit / Safari / Google Chrome multiple security vulnerabilities
2010-06-11 00:00:00
VUPEN Security Research - Apple Safari WebKit HTML Button Use-after-free Vulnerability (CVE-2010-1392)
2010-06-08 00:00:00
prion
prion
Memory corruption
2010-06-11 19:30:00
ubuntucve
ubuntucve
CVE-2010-1770
2010-06-11 00:00:00
cve
cve
CVE-2010-1770
2010-06-11 19:30:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Webkit CSS Charset Text Transformation Code Execution (CVE-2010-1770)
2010-08-04 00:00:00
openvas
openvas
Google Chrome 'WebKit' Multiple Vulnerabilities (Jun 2010) - Windows
2010-06-22 00:00:00
Google Chrome 'WebKit' Multiple Vulnerabilities (Sep 2010) - Linux
2010-10-01 00:00:00
Fedora Update for qt FEDORA-2010-11011
2010-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: qt-4.6.3-8.fc13
2010-07-13 07:40:16
[SECURITY] Fedora 12 Update: qt-4.6.3-8.fc12
2010-07-13 07:43:47
[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12
2010-09-21 01:43:18
nessus
nessus
FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (19419b3b-92bd-11df-b140-0015f2db7bde)
2010-07-19 00:00:00
openSUSE Security Update : libwebkit (openSUSE-SU-2010:0458-1)
2014-06-13 00:00:00
Fedora 13 : webkitgtk-1.2.4-1.fc13 (2010-14409)
2010-09-16 00:00:00
freebsd
freebsd
webkit-gtk2 -- Multiple vulnerabilities
2010-07-16 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.965 High

EPSS

Percentile

99.6%

JSON
Related for ZDI-10-093
debiancve1securityvulns3prion1ubuntucve1cve1checkpoint_advisories1openvas25fedora8nessus15freebsd1