Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiWushi of team509ZDI-10-153
HistoryAug 11, 2010 - 12:00 a.m.

Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability

2010-08-1100:00:00
wushi of team509
www.zerodayinitiative.com
13

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.146 Low

EPSS

Percentile

95.7%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari’s Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the library’s process for handling floating elements within an SVG document. During layout of the element, the application will mismanage references to the floating element. Later the application will attempt to destroy this reference triggering corruption. Successful exploitation can lead to code execution under the context of the application.

Related

veracode 1
cve 1
prion 1
debiancve 1
securityvulns 3
ubuntucve 1
nessus 18
openvas 23
freebsd 1
oraclelinux 1
redhat 1
fedora 6
gentoo 1
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:53:16
cve
cve
CVE-2010-1787
2010-07-30 20:30:00
prion
prion
Memory corruption
2010-07-30 20:30:00
debiancve
debiancve
CVE-2010-1787
2010-07-30 20:30:00
securityvulns
securityvulns
ZDI-10-153: Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability
2010-08-14 00:00:00
Apple Webkit / Safari multiple security vulnerabilities
2010-08-14 00:00:00
About the security content of Safari 5.0.1 and Safari 4.1.1
2010-08-08 00:00:00
ubuntucve
ubuntucve
CVE-2010-1787
2010-07-30 00:00:00
nessus
nessus
openSUSE Security Update : libwebkit (openSUSE-SU-2010:0666-1)
2014-06-13 00:00:00
FreeBSD : webkit-gtk2 -- Multiple vulnerabilities (9bcfd7b6-bcda-11df-9a6a-0015f2db7bde)
2010-09-12 00:00:00
Apple iTunes < 10.0 Multiple Vulnerabilities (uncredentialed check)
2010-09-02 00:00:00
openvas
openvas
FreeBSD Ports: webkit-gtk2
2010-10-10 00:00:00
FreeBSD Ports: webkit-gtk2
2010-10-10 00:00:00
Apple Safari Multiple Vulnerabilities - July 10
2010-08-02 00:00:00
freebsd
freebsd
webkit-gtk2 -- Multiple vulnerabilities
2010-09-07 00:00:00
oraclelinux
oraclelinux
webkitgtk security update
2011-02-10 00:00:00
redhat
redhat
(RHSA-2011:0177) Moderate: webkitgtk security update
2011-01-25 00:00:00
fedora
fedora
[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12
2010-09-21 01:43:18
[SECURITY] Fedora 13 Update: webkitgtk-1.2.4-1.fc13
2010-09-15 05:40:48
[SECURITY] Fedora 13 Update: webkitgtk-1.2.5-1.fc13
2010-10-19 07:21:56
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.146 Low

EPSS

Percentile

95.7%

JSON
Related for ZDI-10-153
veracode1cve1prion1debiancve1securityvulns3ubuntucve1nessus18openvas23freebsd1oraclelinux1redhat1fedora6gentoo1