ID

VAR-201003-1084


CVE

CVE-2010-1119


TITLE

Apple Safari of WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001548

DESCRIPTION

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010. This vulnerability allows remote attackers to execute remote code on vulnerable installations of Apple Webkit. User interaction is required in that a target must be coerced into visiting a malicious page.The specific flaw exists within Webkit's process for destructing attribute objects via the removeChild method. If an attribute's child object is accessed after the attribute was removed from the document, an invalid pointer is referenced. This can be exploited by an attacker to execute remote code under the context of the user running the browser. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-06-07-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information-disclosure, remote code-execution, denial-of-service, or other consequences. This BID is being retired. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Apple Safari Multiple Vulnerabilities SECUNIA ADVISORY ID: SA40105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 RELEASE DATE: 2010-06-09 DISCUSS ADVISORY: http://secunia.com/advisories/40105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct spoofing or cross-site scripting attacks, and potentially compromise a user's system. 1) An error when processing ColorSync profiles embedded in a specially crafted image can be exploited to potentially execute arbitrary code. This is related to vulnerability #2 in: SA36096 2) The browser follows links containing arbitrary user information without warning, which can be exploited to facilitate phishing attacks via specially crafted URLs. 4) An error in WebKit when handling clipboard URLs can be exploited to disclose sensitive files if a user is tricked into dragging or pasting links or images to a malicious website. 5) An error in WebKit when a selection from a website is dragged or pasted into another website can be exploited to potentially execute arbitrary JavaScript code in the context of the destination website. 6) An error in WebKit when handling UTF-7 encoded text can be exploited to leave an HTML quoted string unterminated and facilitate cross-site scripting attacks. 7) An input sanitation error in WebKit when handling Local Storage and Web SQL databases can be exploited to create database files in arbitrary directories via directory traversal attacks. 10) An error in WebKit when handling HTML document fragments can be exploited to execute arbitrary JavaScript code in a legitimate context processing foreign HTML fragments. 11) An error in WebKit when handling keyboard focus can be exploited to deliver key press events intended for a different frame. 12) An error in WebKit when handling DOM constructor objects can be exploited to conduct cross-site scripting attacks. 13) A use-after-free error in WebKit when handling the removal of container elements can be exploited to potentially execute arbitrary code. 14) A use-after-free error in WebKit when rendering a selection at the time of a layout change can be exploited to potentially execute arbitrary code. 15) An error in WebKit when handling ordered list insertions can be exploited to corrupt memory and potentially execute arbitrary code. 16) An uninitialised memory access error in WebKit when handling selection changes on form input elements can be exploited to potentially execute arbitrary code. 18) A use-after-free error in WebKit when handling the ":first-letter" pseudo-element in cascading stylesheets can be exploited to potentially execute arbitrary code. 19) A double-free error in WebKit when handling event listeners in SVG documents can be exploited to potentially execute arbitrary code. 20) An uninitialised memory access error in WebKit when handling "use" elements in SVG documents can be exploited to potentially execute arbitrary code. 21) A use-after-free error in WebKit when handling SVG documents with multiple "use" elements can be exploited to potentially execute arbitrary code. 22) An error in WebKit when handling nested "use" elements in SVG documents can be exploited to corrupt memory and potentially execute arbitrary code. 24) A use-after-free error in WebKit when handling HTML elements with custom vertical positioning can be exploited to potentially execute arbitrary code. 25) An error exists in WebKit when visiting HTTPS websites redirecting to HTTP websites. This can be exploited to disclose potentially sensitive information contained in the HTTPS URL by reading the "Referer" header. 26) An integer truncation error in WebKit when handling TCP requests can be exploited to pass arbitrary data to arbitrary TCP ports. 27) An error in WebKit when processing connections to IRC ports can be exploited to send arbitrary data to arbitrary IRC servers. 29) An error in WebKit can be exploited to read NTLM credentials that are incorrectly transmitted in plain-text via Man-in-the-Middle (MitM) attacks. 32) An error in WebKit when handling a canvas with an SVG image pattern can be exploited to load and capture an image from another website. 33) An error in WebKit when rendering CSS-styled HTML content with multiple ":after" pseudo-selectors can be exploited to corrupt memory and potentially execute arbitrary code. 34) An error in WebKit when handling the "src" attribute of a frame element can be exploited to facilitate cross-site scripting attacks. 36) An error in the implementation of the JavaScript "execCommand" function can be exploited to modify the contents of the clipboard. 38) A use-after-free error in WebKit when handling DOM "Range" objects can be exploited to potentially execute arbitrary code. 40) A use-after-free error in WebKit when rendering HTML document subtrees can be exploited to potentially execute arbitrary code. 41) An error in WebKit when handling HTML content in "textarea" elements can be exploited to conduct cross-site scripting attacks. 42) An error in WebKit when visiting a website which redirects form submissions to a redirecting website can be exploited disclose submitted data. 43) A type checking error in WebKit when handling text nodes can be exploited to potentially execute arbitrary code. 45) An error in WebKit when handling HTML tables can be exploited to trigger an out-of-bounds memory access and potentially execute arbitrary code. 46) An error in WebKit when handling the CSS ":visited" pseudo-class can be exploited to disclose visited websites. SOLUTION: Update to version 4.1 (available only for Mac OS X v10.4 systems) or upgrade to version 5.0. PROVIDED AND/OR DISCOVERED BY: 37) Michal Zalewski The vendor also credits: 1) Chris Evans of the Google Security Team, and Andrzej Dyjak 2) Abhishek Arya of Google 3) Borja Marcos of Sarenet 4) Eric Seidel of Google 5) Paul Stone of Context Information Security 6) Masahiro Yamada 8) Matthieu Bonetti of Vupen 9) Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative 10, 41) Eduardo Vela Nava (sirdarckcat) of Google 11) Michal Zalewski of Google 12) Gianni "gf3" Chiappetta of Runlevel6 13, 15, 16, 18, 19, 20, 21, 23, 43) wushi of team509, working with TippingPoint's Zero Day Initiative 14) wushi and Z of team509, working with TippingPoint's Zero Day Initiative 17) regenrecht working with iDefense 22, 31) Aki Helin of OUSPG 24) Ojan Vafai of Google 25) Colin Percival of Tarsnap 28) Dave Bowker 30) Mark Dowd of Azimuth Security 32) Chris Evans of Google 33, 45) wushi of team509 34) Sergey Glazunov 35) kuzzcc, and Skylined of Google Chrome Security Team 38) Yaar Schnitman of Google 39) Mark Dowd 40) James Robinson of Google 42) Marc Worrell of WhatWebWhat ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4196 Michal Zalewski: http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . Some have an unknown impact and others can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, or compromise a user's system. For more information: SA37931 SA40105 4) One unspecified vulnerability with an unknown impact has been reported in WebKit included in iTunes. No further information is currently available. 5) Two vulnerabilities in WebKit can be exploited by malicious people to compromise a user's system. For more information see vulnerability #14 and 15 in: SA40257 SOLUTION: Update to version 9.2. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Chris Evans of the Google Security Team and Andrzej Dyjak. 2) The vendor credits Kevin Finisterre, digitalmunition.com. 4) Reported by the vendor. ZDI-10-091: Apple Webkit Attribute Child Removal Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-091 June 8, 2010 -- CVE ID: CVE-2010-1119 -- Affected Vendors: Apple -- Affected Products: Apple WebKit -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 9853. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT4196 -- Disclosure Timeline: 2010-03-26 - Vulnerability reported to vendor 2010-06-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Ralf Philipp Weinmann and Vincenzo Iozzo * Vincenzo Iozzo -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ Follow the ZDI on Twitter: http://twitter.com/thezdi

Trust: 3.15

sources: NVD: CVE-2010-1119 // JVNDB: JVNDB-2010-001548 // ZDI: ZDI-10-091 // BID: 40642 // BID: 40620 // VULHUB: VHN-43724 // PACKETSTORM: 90456 // PACKETSTORM: 91028 // PACKETSTORM: 90403

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.3

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.3b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.2

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.2b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.1

Trust: 1.6

vendor:applemodel:safariscope:eqversion:1.1.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:3.0.0b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4

Trust: 1.4

vendor:applemodel:mac os x serverscope:eqversion:10.6.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.1.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0b

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.3

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.4

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b2

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.5

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.1.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.1.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.8

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.0.4b

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.0.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.4

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:3.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.3.2

Trust: 1.0

vendor:applemodel:safariscope:lteversion:4.0.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2.0.3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.5

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.4

Trust: 1.0

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.6.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.0b1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.6

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.1

Trust: 1.0

vendor:applemodel:iphone osscope:eqversion:2.2.1

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.2

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.2.0

Trust: 1.0

vendor:applemodel:safariscope:eqversion:1.0.1

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.7

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3.2.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.5

Trust: 1.0

vendor:applemodel:safariscope:eqversion:3

Trust: 1.0

vendor:applemodel:mac os x serverscope:eqversion:10.5.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.0 to 3.1.3

Trust: 0.8

vendor:applemodel:ios for ipod touchscope:eqversion:2.1 to 3.1.3

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:9

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:applemodel:webkitscope: - version: -

Trust: 0.7

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.6

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.6

vendor:applemodel:safari for windowsscope:neversion:5.0

Trust: 0.6

vendor:applemodel:safariscope:neversion:5.0

Trust: 0.6

vendor:applemodel:safariscope:neversion:4.1

Trust: 0.6

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.0.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.1.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.1

Trust: 0.3

vendor:openmodel:handset alliance androidscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0.2.20

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:8.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:itunesscope:neversion:9.2

Trust: 0.3

vendor:applemodel:iosscope:neversion:4

Trust: 0.3

sources: ZDI: ZDI-10-091 // BID: 40642 // BID: 40620 // JVNDB: JVNDB-2010-001548 // CNNVD: CNNVD-201003-384 // NVD: CVE-2010-1119

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1119
value: HIGH

Trust: 1.0

NVD: CVE-2010-1119
value: MEDIUM

Trust: 0.8

ZDI: CVE-2010-1119
value: HIGH

Trust: 0.7

CNNVD: CNNVD-201003-384
value: CRITICAL

Trust: 0.6

VULHUB: VHN-43724
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1119
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.7

NVD: CVE-2010-1119
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-43724
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-10-091 // VULHUB: VHN-43724 // JVNDB: JVNDB-2010-001548 // CNNVD: CNNVD-201003-384 // NVD: CVE-2010-1119

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.1

sources: VULHUB: VHN-43724 // NVD: CVE-2010-1119

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 90403 // CNNVD: CNNVD-201003-384

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201003-384

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001548

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-43724

PATCH

title:HT4196url:http://support.apple.com/kb/HT4196

Trust: 1.5

title:HT4220url:http://support.apple.com/kb/HT4220

Trust: 0.8

title:HT4225url:http://support.apple.com/kb/HT4225

Trust: 0.8

title:HT4196url:http://support.apple.com/kb/HT4196?viewlocale=ja_JP

Trust: 0.8

title:HT4220url:http://support.apple.com/kb/HT4220?viewlocale=ja_JP

Trust: 0.8

title:HT4225url:http://support.apple.com/kb/HT4225?viewlocale=ja_JP

Trust: 0.8

sources: ZDI: ZDI-10-091 // JVNDB: JVNDB-2010-001548

EXTERNAL IDS

db:NVDid:CVE-2010-1119

Trust: 3.6

db:SECUNIAid:40105

Trust: 2.0

db:VUPENid:ADV-2010-1512

Trust: 1.9

db:VUPENid:ADV-2010-1373

Trust: 1.9

db:SECTRACKid:1024067

Trust: 1.9

db:BIDid:40620

Trust: 1.4

db:SECUNIAid:40196

Trust: 1.2

db:ZDIid:ZDI-10-091

Trust: 1.1

db:SREASONid:8128

Trust: 1.1

db:JVNDBid:JVNDB-2010-001548

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-762

Trust: 0.7

db:CNNVDid:CNNVD-201003-384

Trust: 0.6

db:BIDid:40642

Trust: 0.4

db:PACKETSTORMid:90403

Trust: 0.2

db:PACKETSTORMid:99300

Trust: 0.1

db:SEEBUGid:SSVID-71462

Trust: 0.1

db:EXPLOIT-DBid:16974

Trust: 0.1

db:VULHUBid:VHN-43724

Trust: 0.1

db:PACKETSTORMid:90456

Trust: 0.1

db:PACKETSTORMid:91028

Trust: 0.1

sources: ZDI: ZDI-10-091 // VULHUB: VHN-43724 // BID: 40642 // BID: 40620 // JVNDB: JVNDB-2010-001548 // PACKETSTORM: 90456 // PACKETSTORM: 91028 // PACKETSTORM: 90403 // CNNVD: CNNVD-201003-384 // NVD: CVE-2010-1119

REFERENCES

url:http://support.apple.com/kb/ht4196

Trust: 2.0

url:http://securitytracker.com/id?1024067

Trust: 1.9

url:http://secunia.com/advisories/40105

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/1373

Trust: 1.9

url:http://www.vupen.com/english/advisories/2010/1512

Trust: 1.9

url:http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010

Trust: 1.7

url:http://news.cnet.com/8301-27080_3-20001126-245.html

Trust: 1.7

url:http://twitter.com/thezdi/statuses/11001080021

Trust: 1.7

url:http://support.apple.com/kb/ht4220

Trust: 1.2

url:http://lists.apple.com/archives/security-announce/2010/jun/msg00000.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010//jun/msg00002.html

Trust: 1.1

url:http://lists.apple.com/archives/security-announce/2010/jun/msg00003.html

Trust: 1.1

url:http://www.securityfocus.com/bid/40620

Trust: 1.1

url:http://support.apple.com/kb/ht4225

Trust: 1.1

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7037

Trust: 1.1

url:http://secunia.com/advisories/40196

Trust: 1.1

url:http://securityreason.com/securityalert/8128

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1119

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1119

Trust: 0.8

url:http://lcamtuf.blogspot.com/2010/06/safari-tale-of-betrayal-and-revenge.html

Trust: 0.4

url:http://www.apple.com/safari/download/

Trust: 0.3

url:/archive/1/511715

Trust: 0.3

url:http://www.zerodayinitiative.com/advisories/zdi-10-091/

Trust: 0.3

url:http://www.apple.com/safari/

Trust: 0.3

url:http://secunia.com/products/corporate/evm/

Trust: 0.2

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/corporate/webinars/

Trust: 0.2

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.2

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.2

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.2

url:http://secunia.com/advisories/40105/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40105

Trust: 0.1

url:http://secunia.com/advisories/40105/

Trust: 0.1

url:http://secunia.com/advisories/40196/#comments

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=40196

Trust: 0.1

url:http://secunia.com/advisories/40196/

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/disclosure_policy/

Trust: 0.1

url:http://twitter.com/thezdi

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2010-1119

Trust: 0.1

url:http://www.tippingpoint.com

Trust: 0.1

url:http://www.zerodayinitiative.com

Trust: 0.1

url:http://www.zerodayinitiative.com/advisories/zdi-10-091

Trust: 0.1

sources: ZDI: ZDI-10-091 // VULHUB: VHN-43724 // BID: 40642 // BID: 40620 // JVNDB: JVNDB-2010-001548 // PACKETSTORM: 90456 // PACKETSTORM: 91028 // PACKETSTORM: 90403 // CNNVD: CNNVD-201003-384 // NVD: CVE-2010-1119

CREDITS

Ralf Philipp WeinmannVincenzo Iozzo

Trust: 0.7

sources: ZDI: ZDI-10-091

SOURCES

db:ZDIid:ZDI-10-091
db:VULHUBid:VHN-43724
db:BIDid:40642
db:BIDid:40620
db:JVNDBid:JVNDB-2010-001548
db:PACKETSTORMid:90456
db:PACKETSTORMid:91028
db:PACKETSTORMid:90403
db:CNNVDid:CNNVD-201003-384
db:NVDid:CVE-2010-1119

LAST UPDATE DATE

2024-11-23T20:11:22.051000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-10-091date:2010-06-08T00:00:00
db:VULHUBid:VHN-43724date:2017-09-19T00:00:00
db:BIDid:40642date:2011-03-14T18:37:00
db:BIDid:40620date:2010-06-10T21:19:00
db:JVNDBid:JVNDB-2010-001548date:2010-07-13T00:00:00
db:CNNVDid:CNNVD-201003-384date:2011-07-12T00:00:00
db:NVDid:CVE-2010-1119date:2024-11-21T01:13:41.097

SOURCES RELEASE DATE

db:ZDIid:ZDI-10-091date:2010-06-08T00:00:00
db:VULHUBid:VHN-43724date:2010-03-25T00:00:00
db:BIDid:40642date:2010-06-07T00:00:00
db:BIDid:40620date:2010-06-07T00:00:00
db:JVNDBid:JVNDB-2010-001548date:2010-06-22T00:00:00
db:PACKETSTORMid:90456date:2010-06-09T09:04:37
db:PACKETSTORMid:91028date:2010-06-25T14:14:55
db:PACKETSTORMid:90403date:2010-06-09T00:38:13
db:CNNVDid:CNNVD-201003-384date:2010-03-25T00:00:00
db:NVDid:CVE-2010-1119date:2010-03-25T21:00:01.063