Lucene search

MitreCVE-2010-1939

HistoryMay 13, 2010 - 10:30 p.m.

CVE-2010-1939

2010-05-1322:30:00

CWE-399

mitre

web.nvd.nist.gov

117

cve

2010

1939

apple

safari

windows

vulnerability

execute

arbitrary code

window.open

popup window

html

remote attackers

nvd

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON

Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window’s close method, which triggers improper handling of a deleted window object.

Affected configurations

Nvd

Node

applesafariMatch4.0.5

AND

microsoftwindows

VendorProductVersionCPE
applesafari4.0.5cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	4.0.5	cpe:2.3:a:apple:safari:4.0.5:::::::*
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::

References

h07.w.interia.pl/Safari.rar

reviews.cnet.com/8301-13727_7-20004709-263.html

secunia.com/advisories/39670

securitytracker.com/id?1023958

www.kb.cert.org/vuls/id/943165

www.osvdb.org/64482

www.securityfocus.com/bid/39990

www.vupen.com/english/advisories/2010/1097

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6748

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON

Related for CVE-2010-1939