Lucene search

[email protected]NVD:CVE-2010-1387

HistoryJun 18, 2010 - 4:30 p.m.

CVE-2010-1387

2010-06-1816:30:01

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.7

Confidence

High

EPSS

0.069

Percentile

93.9%

JSON

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

Affected configurations

Nvd

Node

appleitunesRange≤9.0.3

appleitunesMatch4.0.0

appleitunesMatch4.0.1

appleitunesMatch4.1.0

appleitunesMatch4.2.0

appleitunesMatch4.5

appleitunesMatch4.5.0

appleitunesMatch4.6

appleitunesMatch4.6.0

appleitunesMatch4.7

appleitunesMatch4.7.0

appleitunesMatch4.7.1

appleitunesMatch4.7.2

appleitunesMatch4.8.0

appleitunesMatch4.9.0

appleitunesMatch5.0

appleitunesMatch5.0.0

appleitunesMatch5.0.1

appleitunesMatch6.0.0

appleitunesMatch6.0.1

appleitunesMatch6.0.2

appleitunesMatch6.0.3

appleitunesMatch6.0.4

appleitunesMatch6.0.4.2

appleitunesMatch6.0.5

appleitunesMatch7.0.0

appleitunesMatch7.0.1

appleitunesMatch7.0.2

appleitunesMatch7.1.0

appleitunesMatch7.1.1

appleitunesMatch7.2.0

appleitunesMatch7.3.0

appleitunesMatch7.3.1

appleitunesMatch7.3.2

appleitunesMatch7.4

appleitunesMatch7.4.0

appleitunesMatch7.4.1

appleitunesMatch7.4.2

appleitunesMatch7.4.3

appleitunesMatch7.5

appleitunesMatch7.5.0

appleitunesMatch7.6

appleitunesMatch7.6.0

appleitunesMatch7.6.1

appleitunesMatch7.6.2

appleitunesMatch7.7

appleitunesMatch7.7.0

appleitunesMatch7.7.1

appleitunesMatch8.0.0

appleitunesMatch8.0.1

appleitunesMatch8.0.2

appleitunesMatch8.1

appleitunesMatch8.1.1

appleitunesMatch8.2

appleitunesMatch8.2.1

appleitunesMatch9.0.0

appleitunesMatch9.0.1

appleitunesMatch9.0.2

AND

microsoftwindows

Node

appleiphone_osRange≤3.2.1

appleiphone_osMatch1.0.0

appleiphone_osMatch1.0.1

appleiphone_osMatch1.0.2

appleiphone_osMatch1.1.0

appleiphone_osMatch1.1.1

appleiphone_osMatch1.1.2

appleiphone_osMatch1.1.3

appleiphone_osMatch1.1.4

appleiphone_osMatch1.1.5

appleiphone_osMatch2.0

appleiphone_osMatch2.0.0

appleiphone_osMatch2.0.1

appleiphone_osMatch2.0.2

appleiphone_osMatch2.1

appleiphone_osMatch2.1.1

appleiphone_osMatch2.2

appleiphone_osMatch2.2.1

appleiphone_osMatch3.0

appleiphone_osMatch3.0.1

appleiphone_osMatch3.1

appleiphone_osMatch3.1.2

appleiphone_osMatch3.1.3

appleiphone_osMatch3.2

AND

appleipod_touch

appleiphone_os

VendorProductVersionCPE
appleitunes*cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
appleitunes4.0.0cpe:2.3:a:apple:itunes:4.0.0:*:*:*:*:*:*:*
appleitunes4.0.1cpe:2.3:a:apple:itunes:4.0.1:*:*:*:*:*:*:*
appleitunes4.1.0cpe:2.3:a:apple:itunes:4.1.0:*:*:*:*:*:*:*
appleitunes4.2.0cpe:2.3:a:apple:itunes:4.2.0:*:*:*:*:*:*:*
appleitunes4.5cpe:2.3:a:apple:itunes:4.5:*:*:*:*:*:*:*
appleitunes4.5.0cpe:2.3:a:apple:itunes:4.5.0:*:*:*:*:*:*:*
appleitunes4.6cpe:2.3:a:apple:itunes:4.6:*:*:*:*:*:*:*
appleitunes4.6.0cpe:2.3:a:apple:itunes:4.6.0:*:*:*:*:*:*:*
appleitunes4.7cpe:2.3:a:apple:itunes:4.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	itunes	*	cpe:2.3:a:apple:itunes::::::::
apple	itunes	4.0.0	cpe:2.3:a:apple:itunes:4.0.0:::::::*
apple	itunes	4.0.1	cpe:2.3:a:apple:itunes:4.0.1:::::::*
apple	itunes	4.1.0	cpe:2.3:a:apple:itunes:4.1.0:::::::*
apple	itunes	4.2.0	cpe:2.3:a:apple:itunes:4.2.0:::::::*
apple	itunes	4.5	cpe:2.3:a:apple:itunes:4.5:::::::*
apple	itunes	4.5.0	cpe:2.3:a:apple:itunes:4.5.0:::::::*
apple	itunes	4.6	cpe:2.3:a:apple:itunes:4.6:::::::*
apple	itunes	4.6.0	cpe:2.3:a:apple:itunes:4.6.0:::::::*
apple	itunes	4.7	cpe:2.3:a:apple:itunes:4.7:::::::*

Rows per page:

1-10 of 841

References

lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/40196

secunia.com/advisories/41856

secunia.com/advisories/42314

secunia.com/advisories/43068

securitytracker.com/id?1024108

support.apple.com/kb/HT4220

support.apple.com/kb/HT4225

support.apple.com/kb/HT4456

www.mandriva.com/security/advisories?name=MDVSA-2011:039

www.securityfocus.com/bid/41016

www.ubuntu.com/usn/USN-1006-1

www.vupen.com/english/advisories/2010/1512

www.vupen.com/english/advisories/2010/2722

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0552

exchange.xforce.ibmcloud.com/vulnerabilities/59506

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.7

Confidence

High

EPSS

0.069

Percentile

93.9%

JSON

Related for NVD:CVE-2010-1387

openvas5 cve3 cvelist3 prion3 ubuntucve3 debiancve3 nvd2 nessus7