Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-1807

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2010-1807
Last Modified 14 Sep 2012 12:00:00
Published 10 Sep 2010 03:00:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-1807

Summary

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Vulnerable Systems

Operating System

  • Google Android 1.0

  • Google Android 1.1

  • Google Android 1.5

  • Google Android 1.6

  • Google Android 2.0

  • Google Android 2.1

Application

  • Apple Safari 4.0

  • Apple Safari 4.0.0b

  • Apple Safari 4.0.1

  • Apple Safari 4.0.2

  • Apple Safari 4.0.3

  • Apple Safari 4.0.4

  • Apple Safari 4.0.5

  • Apple Safari 4.1

  • Apple Safari 4.1.1

  • Apple Safari 5.0

  • Apple Safari 5.0.1

  • Webkitgtk 1.2.0

  • Webkitgtk 1.2.1

  • Webkitgtk 1.2.2

  • Webkitgtk 1.2.3

  • Webkitgtk 1.2.4

  • Webkitgtk 1.2.5


References

BID - 43047

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=627703

VUPEN - ADV-2011-0552

VUPEN - ADV-2011-0216

VUPEN - ADV-2011-0212

VUPEN - ADV-2010-3046

VUPEN - ADV-2010-2722

UBUNTU - USN-1006-1

REDHAT - RHSA-2011:0177

MANDRIVA - MDVSA-2011:039

MISC - http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack

CONFIRM - http://trac.webkit.org/changeset/64706

CONFIRM - http://support.apple.com/kb/HT4456

CONFIRM - http://support.apple.com/kb/HT4333

SECUNIA - 43086

SECUNIA - 43068

SECUNIA - 42314

SECUNIA - 41856

SUSE - SUSE-SR:2011:002

APPLE - APPLE-SA-2010-09-07-1

APPLE - APPLE-SA-2010-11-22-1

Related Patches

Apple 2010-09-07 Safari Update 5.0.2 (Snow Leopard)

Apple 2010-09-07 Safari Update 5.0.2 (Leopard)

Apple 2010-09-07 Safari Update 4.1.2 (Tiger)


Last Updated: 27 May 2016 10:56:34