Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-1119

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2010-1119
Last Modified 30 Mar 2012 01:40:30
Published 25 Mar 2010 05:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2010-1119

Summary

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

Vulnerable Systems

Operating System

  • Apple Iphone Os 2.0

  • Apple Iphone Os 2.0.0

  • Apple Iphone Os 2.0.1

  • Apple Iphone Os 2.0.2

  • Apple Iphone Os 2.1

  • Apple Iphone Os 2.1.1

  • Apple Iphone Os 2.2

  • Apple Iphone Os 2.2.1

  • Apple Iphone Os 3.0

  • Apple Iphone Os 3.0.1

  • Apple Iphone Os 3.1

  • Apple Iphone Os 3.1.2

  • Apple Iphone Os 3.1.3

  • Apple Mac Os X 10.5

  • Apple Mac Os X 10.5.0

  • Apple Mac Os X 10.5.1

  • Apple Mac Os X 10.5.2

  • Apple Mac Os X 10.5.3

  • Apple Mac Os X 10.5.4

  • Apple Mac Os X 10.5.5

  • Apple Mac Os X 10.5.6

  • Apple Mac Os X 10.5.7

  • Apple Mac Os X 10.5.8

  • Apple Mac Os X 10.6.0

  • Apple Mac Os X Server 10.5.0

  • Apple Mac Os X Server 10.5.1

  • Apple Mac Os X Server 10.5.2

  • Apple Mac Os X Server 10.5.3

  • Apple Mac Os X Server 10.5.4

  • Apple Mac Os X Server 10.5.5

  • Apple Mac Os X Server 10.5.6

  • Apple Mac Os X Server 10.5.7

  • Apple Mac Os X Server 10.5.8

  • Apple Mac Os X Server 10.6.0

  • Apple Mac Os X Server 10.6.1

  • Apple Mac Os X Server 10.6.2

  • Apple Mac Os X Server 10.6.3

  • Apple Mac Os X Server 10.6.4

Application

  • Apple Safari

  • Apple Safari 1.0

  • Apple Safari 1.0.0

  • Apple Safari 1.0.0b1

  • Apple Safari 1.0.0b2

  • Apple Safari 1.0.1

  • Apple Safari 1.0.2

  • Apple Safari 1.0.3

  • Apple Safari 1.1

  • Apple Safari 1.1.0

  • Apple Safari 1.1.1

  • Apple Safari 1.2

  • Apple Safari 1.2.0

  • Apple Safari 1.2.1

  • Apple Safari 1.2.2

  • Apple Safari 1.2.3

  • Apple Safari 1.2.4

  • Apple Safari 1.2.5

  • Apple Safari 1.3

  • Apple Safari 1.3.0

  • Apple Safari 1.3.1

  • Apple Safari 1.3.2

  • Apple Safari 2

  • Apple Safari 2.0

  • Apple Safari 2.0.0

  • Apple Safari 2.0.1

  • Apple Safari 2.0.2

  • Apple Safari 2.0.3

  • Apple Safari 2.0.4

  • Apple Safari 3

  • Apple Safari 3.0

  • Apple Safari 3.0.0

  • Apple Safari 3.0.0b

  • Apple Safari 3.0.1

  • Apple Safari 3.0.1b

  • Apple Safari 3.0.2

  • Apple Safari 3.0.2b

  • Apple Safari 3.0.3

  • Apple Safari 3.0.3b

  • Apple Safari 3.0.4

  • Apple Safari 3.0.4b

  • Apple Safari 3.1

  • Apple Safari 3.1.0

  • Apple Safari 3.1.0b

  • Apple Safari 3.1.1

  • Apple Safari 3.1.2

  • Apple Safari 3.2.0

  • Apple Safari 3.2.1

  • Apple Safari 3.2.2

  • Apple Safari 3.2.3

  • Apple Safari 4.0

  • Apple Safari 4.0.0b

  • Apple Safari 4.0.1

  • Apple Safari 4.0.2

  • Apple Safari 4.0.3

  • Apple Safari 4.0.4

  • Apple Safari 4.0.5

  • Apple Safari 4.1


References

APPLE - APPLE-SA-2010-06-07-1

VUPEN - ADV-2010-1512

VUPEN - ADV-2010-1373

BID - 40620

MISC - http://twitter.com/thezdi/statuses/11001080021

CONFIRM - http://support.apple.com/kb/HT4225

CONFIRM - http://support.apple.com/kb/HT4220

CONFIRM - http://support.apple.com/kb/HT4196

SECTRACK - 1024067

SREASON - 8128

SECUNIA - 40196

SECUNIA - 40105

MISC - http://news.cnet.com/8301-27080_3-20001126-245.html

APPLE - APPLE-SA-2010-06-21-1

APPLE - APPLE-SA-2010-06-16-1

MISC - http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

Related Patches

Apple 2010-06-07 Safari Update 5.0 (Leopard)

Apple 2010-06-07 Safari Update 5.0 (Snow Leopard)

Apple 2010-06-07 Safari Update 4.1 (Tiger)


Last Updated: 27 May 2016 11:00:02