CVE-2010-1815

2010-09-0922:00:01

CWE-399

apple

web.nvd.nist.gov

cve-2010-1815

use-after-free vulnerability

webkit

apple ios

remote code execution

denial of service

scrollbars

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

Confidence

High

EPSS

0.853

Percentile

98.6%

JSON

Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving scrollbars.

Affected configurations

Nvd

Node

appleiphone_osRange<4.1

AND

appleipod_touchMatch-

appleiphone_osMatch-

Node

webkitgtkwebkitgtkRange<1.2.6

Node

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04lts

canonicalubuntu_linuxMatch10.10

VendorProductVersionCPE
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appleipod_touch-cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*
appleiphone_os-cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*
webkitgtkwebkitgtk*cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
canonicalubuntu_linux9.10cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	ipod_touch	-	cpe:2.3:h:apple:ipod_touch:-:::::::*
apple	iphone_os	-	cpe:2.3:o:apple:iphone_os:-:::::::*
webkitgtk	webkitgtk	*	cpe:2.3:a:webkitgtk:webkitgtk::::::::
canonical	ubuntu_linux	9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
canonical	ubuntu_linux	10.04	cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts:::
canonical	ubuntu_linux	10.10	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*