Lucene search

[email protected]NVD:CVE-2010-1939

HistoryMay 13, 2010 - 10:30 p.m.

CVE-2010-1939

2010-05-1322:30:00

CWE-399

[email protected]

web.nvd.nist.gov

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON

Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window’s close method, which triggers improper handling of a deleted window object.

Affected configurations

Nvd

Node

applesafariMatch4.0.5

AND

microsoftwindows

VendorProductVersionCPE
applesafari4.0.5cpe:2.3:a:apple:safari:4.0.5:*:*:*:*:*:*:*
microsoftwindows*cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apple	safari	4.0.5	cpe:2.3:a:apple:safari:4.0.5:::::::*
microsoft	windows	*	cpe:2.3:o:microsoft:windows::::::::

References

h07.w.interia.pl/Safari.rar

reviews.cnet.com/8301-13727_7-20004709-263.html

secunia.com/advisories/39670

securitytracker.com/id?1023958

www.kb.cert.org/vuls/id/943165

www.osvdb.org/64482

www.securityfocus.com/bid/39990

www.vupen.com/english/advisories/2010/1097

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6748

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.954

Percentile

99.4%

JSON

Related for NVD:CVE-2010-1939

cvelist1 prion1 saint4 cve1 debiancve1 checkpoint_advisories3 exploitdb2 openvas2 cert1