CVE-2010-1806

2010-09-1019:00:02

CWE-399

apple

web.nvd.nist.gov

cve-2010-1806

apple safari

vulnerability

code execution

denial of service

nvd

run-in styling

object pointers

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.045

Percentile

92.5%

JSON

Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via run-in styling in an element, related to object pointers.

Affected configurations

Nvd

Node

applesafariMatch4.0

applesafariMatch4.0.0b

applesafariMatch4.0.1

applesafariMatch4.0.2

applesafariMatch4.0.3

applesafariMatch4.0.4

applesafariMatch4.0.5

applesafariMatch4.1

applesafariMatch5.0

applesafariMatch5.0.1

VendorProductVersionCPE
applesafari5.0cpe:/a:apple:safari:5.0:::
applesafari4.0.4cpe:/a:apple:safari:4.0.4:::
applesafari4.1cpe:/a:apple:safari:4.1:::
applesafari5.0.1cpe:/a:apple:safari:5.0.1:::
applesafari4.0.3cpe:/a:apple:safari:4.0.3:::
applesafari4.0.2cpe:/a:apple:safari:4.0.2:::
applesafari4.0.1cpe:/a:apple:safari:4.0.1:::
applesafari4.0.0bcpe:/a:apple:safari:4.0.0b:::
applesafari4.0cpe:/a:apple:safari:4.0:::
applesafari4.0.5cpe:/a:apple:safari:4.0.5:::

Vendor	Product	Version	CPE
apple	safari	5.0	cpe:/a:apple:safari:5.0:::
apple	safari	4.0.4	cpe:/a:apple:safari:4.0.4:::
apple	safari	4.1	cpe:/a:apple:safari:4.1:::
apple	safari	5.0.1	cpe:/a:apple:safari:5.0.1:::
apple	safari	4.0.3	cpe:/a:apple:safari:4.0.3:::
apple	safari	4.0.2	cpe:/a:apple:safari:4.0.2:::
apple	safari	4.0.1	cpe:/a:apple:safari:4.0.1:::
apple	safari	4.0.0b	cpe:/a:apple:safari:4.0.0b:::
apple	safari	4.0	cpe:/a:apple:safari:4.0:::
apple	safari	4.0.5	cpe:/a:apple:safari:4.0.5:::