Sign-up

ID

VAR-201007-0325


CVE

CVE-2010-1789


TITLE

Apple Safari of WebKit Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2010-001855

DESCRIPTION

Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a JavaScript string object. This issue has been addressed in Apple Safari 5.0.1 and 4.1.1. Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2010-07-28-1. Attackers can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage. Successful attacks may result in information disclosure, remote code execution, denial of service, or other consequences. This BID is being retired. The following individual records exist to better document these issues: 41884 Apple Safari Personal Address Book AutoFill Information Disclosure Weakness 42034 WebKit Inline Elements Remote Memory Corruption Vulnerability 42035 WebKit CVE-2010-1783 Remote Memory Corruption Vulnerability 42036 WebKit CSS Counters Remote Memory Corruption Vulnerability 42037 WebKit ':first-letter' and ':first-line' Pseudo-Elements Remote Memory Corruption Vulnerability 42038 WebKit CVE-2010-1787 Floating Elements Remote Memory Corruption Vulnerability 42039 Apple Safari RSS Feed Information Disclosure Vulnerability 42041 WebKit 'use' Element Handling Remote Memory Corruption Vulnerability 42042 WebKit Regular Expression Handling Remote Memory Corruption Vulnerability 42043 WebKit Just-In-Time Compiled JavaScript Stubs Remote Code Execution Vulnerability 42044 WebKit Element Focus Use-After-Free Remote Code Execution Vulnerability 42045 WebKit JavaScript Array Signedness Error Remote Code Execution Vulnerability 42046 WebKit 'foreignObject' Elements Use-After-Free Remote Code Execution Vulnerability 42048 WebKit JavaScript String Object Remote Heap Based Buffer Overflow Vulnerability 42049 WebKit 'font-face' and 'use' Elements Use-After-Free Remote Code Execution Vulnerability. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). Request a free trial: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42314 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42314/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 RELEASE DATE: 2010-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/42314/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42314/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42314 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, disclose sensitive information, bypass certain security restrictions, or to compromise a user's system. For more information: SA40257 SA41328 SA42151 SA42312 SOLUTION: Upgrade to iOS 4.2 (downloadable and installable via iTunes). ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . For more information: SA32349 SA33495 SA35095 SA35379 SA35411 SA35449 SA35758 SA36269 SA36677 SA37273 SA37346 SA37769 SA38061 SA38545 SA38932 SA39029 SA39091 SA39384 SA39661 SA39937 SA40002 SA40072 SA40105 SA40112 SA40148 SA40196 SA40257 SA40664 SA40783 SA41014 SA41085 SA41242 SA41328 SA41390 SA41443 SA41535 SA41841 SA41888 SA41968 SA42151 SA42264 SA42290 SA42312 SA42443 SA42461 SA42658 SA42769 SA42886 SA42956 SA43053 SOLUTION: Apply updated packages via YaST Online Update or the SUSE FTP server

Trust: 2.43

sources: NVD: CVE-2010-1789 // JVNDB: JVNDB-2010-001855 // BID: 42048 // BID: 42020 // VULHUB: VHN-44394 // PACKETSTORM: 96086 // PACKETSTORM: 97846

AFFECTED PRODUCTS

vendor:applemodel:safariscope:eqversion:4.0.5

Trust: 2.2

vendor:applemodel:safariscope:eqversion:4.0.4

Trust: 2.2

vendor:applemodel:safariscope:eqversion:4.0.3

Trust: 2.2

vendor:applemodel:safariscope:eqversion:4.0.2

Trust: 2.2

vendor:applemodel:safariscope:eqversion:4.0.1

Trust: 2.2

vendor:applemodel:safariscope:eqversion:4.0.0b

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4.0

Trust: 1.6

vendor:applemodel:safariscope:eqversion:4

Trust: 1.4

vendor:applemodel:safariscope:eqversion:5.0

Trust: 1.2

vendor:applemodel:safariscope:lteversion:5.0

Trust: 1.0

vendor:applemodel:webkitscope:eqversion:*

Trust: 1.0

vendor:applemodel:safariscope:lteversion:4.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.4.11

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.0 to 4.1 (iphone 3g after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:2.1 to 4.1 (ipod touch (2nd generation) after )

Trust: 0.8

vendor:applemodel:iosscope:eqversion:3.2 to 3.2.2 (ipad for )

Trust: 0.8

vendor:applemodel:ipadscope: - version: -

Trust: 0.8

vendor:applemodel:iphonescope: - version: -

Trust: 0.8

vendor:applemodel:ipod touchscope: - version: -

Trust: 0.8

vendor:applemodel:itunesscope:eqversion:10

Trust: 0.8

vendor:applemodel:safariscope:eqversion:5

Trust: 0.8

vendor:applemodel:safari for windowsscope:eqversion:4.0.5

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.4

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.3

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4.0.2

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:5.0

Trust: 0.6

vendor:applemodel:safariscope:eqversion:4.1

Trust: 0.6

vendor:applemodel:safari for windowsscope:eqversion:4

Trust: 0.6

vendor:applemodel:safari betascope:eqversion:4

Trust: 0.6

vendor:applemodel:safariscope:neversion:5.0.1

Trust: 0.6

vendor:applemodel:safariscope:neversion:4.1.1

Trust: 0.6

vendor:applemodel:webkitscope: - version: -

Trust: 0.6

vendor:webkitmodel:open source project webkit r52833scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r52401scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r51295scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkit r38566scope: - version: -

Trust: 0.3

vendor:webkitmodel:open source project webkitscope:eqversion:0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1.8

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0.1

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.0

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.2

Trust: 0.3

vendor:applemodel:itunesscope:eqversion:9.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.1.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:3.0

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.2

Trust: 0.3

vendor:applemodel:ipod touchscope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.3

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:4.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:3.0

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.2

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.1

Trust: 0.3

vendor:applemodel:iphonescope:eqversion:2.0

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:ipadscope:eqversion:0

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.0.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2.1

Trust: 0.3

vendor:applemodel:ios betascope:eqversion:4.2

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4.1

Trust: 0.3

vendor:applemodel:iosscope:eqversion:4

Trust: 0.3

vendor:applemodel:iosscope:eqversion:3.2

Trust: 0.3

vendor:applemodel:itunesscope:neversion:10

Trust: 0.3

vendor:applemodel:iosscope:neversion:4.2

Trust: 0.3

sources: BID: 42048 // BID: 42020 // JVNDB: JVNDB-2010-001855 // CNNVD: CNNVD-201007-322 // NVD: CVE-2010-1789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1789
value: HIGH

Trust: 1.0

NVD: CVE-2010-1789
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201007-322
value: CRITICAL

Trust: 0.6

VULHUB: VHN-44394
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2010-1789
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-44394
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-44394 // JVNDB: JVNDB-2010-001855 // CNNVD: CNNVD-201007-322 // NVD: CVE-2010-1789

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-44394 // JVNDB: JVNDB-2010-001855 // NVD: CVE-2010-1789

THREAT TYPE

network

Trust: 0.6

sources: BID: 42048 // BID: 42020

TYPE

Unknown

Trust: 0.6

sources: BID: 42048 // BID: 42020

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001855

PATCH
title:HT4276url:http://support.apple.com/kb/HT4276
Trust: 0.8
title:HT4328url:http://support.apple.com/kb/HT4328
Trust: 0.8
title:HT4456url:http://support.apple.com/kb/HT4456
Trust: 0.8
title:HT4276url:http://support.apple.com/kb/HT4276?viewlocale=ja_JP
Trust: 0.8
title:HT4328url:http://support.apple.com/kb/HT4328?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001855

EXTERNAL IDS
db:NVDid:CVE-2010-1789
Trust: 2.8
db:BIDid:42020
Trust: 2.0
db:SECUNIAid:43068
Trust: 1.2
db:SECUNIAid:42314
Trust: 1.2
db:VUPENid:ADV-2011-0212
Trust: 1.1
db:VUPENid:ADV-2010-3046
Trust: 1.1
db:JVNDBid:JVNDB-2010-001855
Trust: 0.8
db:CNNVDid:CNNVD-201007-322
Trust: 0.7
db:NSFOCUSid:15474
Trust: 0.6
db:APPLEid:APPLE-SA-2010-07-28-1
Trust: 0.6
db:BIDid:42048
Trust: 0.4
db:VULHUBid:VHN-44394
Trust: 0.1
db:PACKETSTORMid:96086
Trust: 0.1
db:PACKETSTORMid:97846
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44394 // 
            
            
            
            BID: 42048 // 
            
            
            
            BID: 42020 // 
            
            
            
            JVNDB: JVNDB-2010-001855 // 
            
            
            
            PACKETSTORM: 96086 // 
            
            
            
            PACKETSTORM: 97846 // 
            
            
            
            CNNVD: CNNVD-201007-322 // 
            
            
            
            NVD: CVE-2010-1789

REFERENCES
url:http://lists.apple.com/archives/security-announce/2010//jul/msg00001.html
Trust: 1.7
url:http://www.securityfocus.com/bid/42020
Trust: 1.7
url:http://support.apple.com/kb/ht4276
Trust: 1.7
url:http://support.apple.com/kb/ht4456
Trust: 1.2
url:http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
Trust: 1.2
url:http://lists.apple.com/archives/security-announce/2010//nov/msg00003.html
Trust: 1.1
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11524
Trust: 1.1
url:http://secunia.com/advisories/42314
Trust: 1.1
url:http://secunia.com/advisories/43068
Trust: 1.1
url:http://www.vupen.com/english/advisories/2010/3046
Trust: 1.1
url:http://www.vupen.com/english/advisories/2011/0212
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1789
Trust: 0.8
url:http://jvn.jp/cert/jvnvu568637
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1789
Trust: 0.8
url:http://www.nsfocus.net/vulndb/15474
Trust: 0.6
url:http://www.apple.com/safari/download/
Trust: 0.3
url:http://www.apple.com/safari/
Trust: 0.3
url:http://secunia.com/products/corporate/evm/
Trust: 0.2
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.2
url:http://secunia.com/products/corporate/vim/
Trust: 0.2
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.2
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.2
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.2
url:http://secunia.com/advisories/42314/
Trust: 0.1
url:http://secunia.com/advisories/42314/#comments
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42314
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=43068
Trust: 0.1
url:http://secunia.com/advisories/43068/#comments
Trust: 0.1
url:http://secunia.com/advisories/43068/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-44394 // 
            
            
            
            BID: 42048 // 
            
            
            
            BID: 42020 // 
            
            
            
            JVNDB: JVNDB-2010-001855 // 
            
            
            
            PACKETSTORM: 96086 // 
            
            
            
            PACKETSTORM: 97846 // 
            
            
            
            CNNVD: CNNVD-201007-322 // 
            
            
            
            NVD: CVE-2010-1789

CREDITS
Jeremiah Grossman
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201007-322

SOURCES
db:VULHUBid:VHN-44394
db:BIDid:42048
db:BIDid:42020
db:JVNDBid:JVNDB-2010-001855
db:PACKETSTORMid:96086
db:PACKETSTORMid:97846
db:CNNVDid:CNNVD-201007-322
db:NVDid:CVE-2010-1789

LAST UPDATE DATE
2024-11-23T19:41:20.749000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-44394date:2017-09-19T00:00:00
db:BIDid:42048date:2010-11-22T18:16:00
db:BIDid:42020date:2010-07-28T20:25:00
db:JVNDBid:JVNDB-2010-001855date:2010-12-10T00:00:00
db:CNNVDid:CNNVD-201007-322date:2010-08-03T00:00:00
db:NVDid:CVE-2010-1789date:2024-11-21T01:15:12.190

SOURCES RELEASE DATE
db:VULHUBid:VHN-44394date:2010-07-30T00:00:00
db:BIDid:42048date:2010-07-28T00:00:00
db:BIDid:42020date:2010-07-28T00:00:00
db:JVNDBid:JVNDB-2010-001855date:2010-08-23T00:00:00
db:PACKETSTORMid:96086date:2010-11-24T11:53:31
db:PACKETSTORMid:97846date:2011-01-25T03:59:20
db:CNNVDid:CNNVD-201007-322date:2010-07-22T00:00:00
db:NVDid:CVE-2010-1789date:2010-07-30T20:30:02.177