ID

VAR-201005-0178


CVE

CVE-2010-1939


TITLE

Apple Safari window object invalid pointer vulnerability

Trust: 0.8

sources: CERT/CC: VU#943165

DESCRIPTION

Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.

Apple Safari contains a vulnerability in which references to window objects are not handled correctly. In Safari, a window object can be deleted while a reference to it remains, and an invalid pointer reference occurs when JavaScript uses the deleted window object.

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. NOTE: To successfully exploit this issue, the browser pop-up blocker needs to be disabled. The pop-up blocker in Safari is enabled by default.

Apple Safari is a web browser developed by Apple and is the default browser included with the Mac OS X and iOS operating systems.

The vulnerability is caused by an error in the handling of parent windows and can result in a function call using an invalid pointer. This can be exploited to execute arbitrary code when a user, for example, visits a specially crafted web page and closes opened pop-up windows. Other versions may also be affected.

SOLUTION: Do not visit untrusted web sites or follow links from untrusted sources.

PROVIDED AND/OR DISCOVERED BY: Krystian Kloskowski (h07)

ORIGINAL ADVISORY: http://h07.w.interia.pl/Safari.rar

Trust: 2.79

sources: NVD: CVE-2010-1939 // CERT/CC: VU#943165 // JVNDB: JVNDB-2010-001496 // BID: 39990 // VULHUB: VHN-44544 // PACKETSTORM: 89292

AFFECTED PRODUCTS

vendor: apple, model: safari, scope: eq, version: 4.0.5

Trust: 1.6

vendor: apple, model: -, scope: -, version: -

Trust: 0.8

vendor: apple, model: safari, scope: eq, version: 4.0.5 for windows

Trust: 0.8

vendor: apple, model: safari for windows, scope: eq, version: 4.0.5

Trust: 0.3

sources: CERT/CC: VU#943165 // BID: 39990 // JVNDB: JVNDB-2010-001496 // CNNVD: CNNVD-201005-215 // NVD: CVE-2010-1939

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1939
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#943165
value: 20.41

Trust: 0.8

NVD: CVE-2010-1939
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201005-215
value: HIGH

Trust: 0.6

VULHUB: VHN-44544
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1939
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44544
severity: HIGH
baseScore: 7.6
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 4.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#943165 // VULHUB: VHN-44544 // JVNDB: JVNDB-2010-001496 // CNNVD: CNNVD-201005-215 // NVD: CVE-2010-1939

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-44544 // JVNDB: JVNDB-2010-001496 // NVD: CVE-2010-1939

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201005-215

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201005-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-001496

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-44544

PATCH

title: HT4196, url: http://support.apple.com/kb/HT4196

Trust: 0.8

title: HT4196, url: http://support.apple.com/kb/HT4196?viewlocale=ja_JP

Trust: 0.8

sources: JVNDB: JVNDB-2010-001496

EXTERNAL IDS

db: CERT/CC, id: VU#943165

Trust: 3.6

db: NVD, id: CVE-2010-1939

Trust: 2.8

db: BID, id: 39990

Trust: 2.8

db: SECUNIA, id: 39670

Trust: 2.6

db: VUPEN, id: ADV-2010-1097

Trust: 2.5

db: SECTRACK, id: 1023958

Trust: 2.5

db: OSVDB, id: 64482

Trust: 2.5

db: JVNDB, id: JVNDB-2010-001496

Trust: 0.8

db: NSFOCUS, id: 14982

Trust: 0.6

db: CNNVD, id: CNNVD-201005-215

Trust: 0.6

db: EXPLOIT-DB, id: 12573

Trust: 0.1

db: EXPLOIT-DB, id: 12614

Trust: 0.1

db: SEEBUG, id: SSVID-68618

Trust: 0.1

db: VULHUB, id: VHN-44544

Trust: 0.1

db: PACKETSTORM, id: 89292

Trust: 0.1

sources: CERT/CC: VU#943165 // VULHUB: VHN-44544 // BID: 39990 // JVNDB: JVNDB-2010-001496 // PACKETSTORM: 89292 // CNNVD: CNNVD-201005-215 // NVD: CVE-2010-1939

REFERENCES

url:http://www.kb.cert.org/vuls/id/943165

Trust: 2.8

url:http://www.securityfocus.com/bid/39990

Trust: 2.5

url:http://securitytracker.com/id?1023958

Trust: 2.5

url:http://secunia.com/advisories/39670

Trust: 2.5

url:http://www.vupen.com/english/advisories/2010/1097

Trust: 2.5

url:http://h07.w.interia.pl/safari.rar

Trust: 1.8

url:http://reviews.cnet.com/8301-13727_7-20004709-263.html

Trust: 1.7

url:http://www.osvdb.org/64482

Trust: 1.7

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a6748

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1939

Trust: 0.8

url:http://jvn.jp/cert/jvnvu943165

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1939

Trust: 0.8

url:http://osvdb.org/64482

Trust: 0.8

url:http://www.nsfocus.net/vulndb/14982

Trust: 0.6

url:http://www.apple.com/safari/

Trust: 0.3

url:http://secunia.com/advisories/39670/

Trust: 0.1

sources: CERT/CC: VU#943165 // VULHUB: VHN-44544 // BID: 39990 // JVNDB: JVNDB-2010-001496 // PACKETSTORM: 89292 // CNNVD: CNNVD-201005-215 // NVD: CVE-2010-1939

CREDITS

Krystian Kloskowski h07@interia.pl

Trust: 0.6

sources: CNNVD: CNNVD-201005-215

SOURCES

db: CERT/CC, id: VU#943165
db: VULHUB, id: VHN-44544
db: BID, id: 39990
db: JVNDB, id: JVNDB-2010-001496
db: PACKETSTORM, id: 89292
db: CNNVD, id: CNNVD-201005-215
db: NVD, id: CVE-2010-1939

LAST UPDATE DATE

2024-11-23T20:25:15.558000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#943165, date: 2010-07-27T00:00:00
db: VULHUB, id: VHN-44544, date: 2017-09-19T00:00:00
db: BID, id: 39990, date: 2015-04-13T21:02:00
db: JVNDB, id: JVNDB-2010-001496, date: 2010-08-16T00:00:00
db: CNNVD, id: CNNVD-201005-215, date: 2010-05-14T00:00:00
db: NVD, id: CVE-2010-1939, date: 2024-11-21T01:15:30.847

SOURCES RELEASE DATE

db: CERT/CC, id: VU#943165, date: 2010-05-10T00:00:00
db: VULHUB, id: VHN-44544, date: 2010-05-13T00:00:00
db: BID, id: 39990, date: 2010-05-07T00:00:00
db: JVNDB, id: JVNDB-2010-001496, date: 2010-06-03T00:00:00
db: PACKETSTORM, id: 89292, date: 2010-05-08T08:39:48
db: CNNVD, id: CNNVD-201005-215, date: 2010-05-13T00:00:00
db: NVD, id: CVE-2010-1939, date: 2010-05-13T22:30:00.983