CVE-2010-1750 - OpenCVE

Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows 7 Windows Xp Windows Vista
Apple	Safari

Configuration 1 [-]

AND

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:a:apple:safari:4.0.0b:::::::*
	cpe:2.3:a:apple:safari:4.0.1:::::::*
	cpe:2.3:a:apple:safari:4.0.2:::::::*
	cpe:2.3:a:apple:safari:4.0.3:::::::*
	cpe:2.3:a:apple:safari:4.0.4:::::::*

OR	cpe:2.3:o:microsoft:windows_7::::::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

References

Link	Resource
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html	Patch Vendor Advisory
http://secunia.com/advisories/40105	Vendor Advisory
http://securitytracker.com/id?1024067
http://support.apple.com/kb/HT4196	Vendor Advisory
http://www.securityfocus.com/bid/40620	Patch
http://www.vupen.com/english/advisories/2010/1373	Patch Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2010-06-11T17:28:00

Updated: 2017-09-18T12:57:01

Reserved: 2010-05-06T00:00:00

Link: CVE-2010-1750

JSON object: View

NVD Information

Status : Modified

Published: 2010-06-11T18:00:53.833

Modified: 2017-09-19T01:30:47.907

Link: CVE-2010-1750

JSON object: View

Redhat Information

No data.

CWE

CWE-399

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2010-06-07-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"name": "40105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40105"}, {"name": "ADV-2010-1373", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"name": "oval:org.mitre.oval:def:7143", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"name": "40620", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40620"}, {"name": "1024067", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024067"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4196"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-1750", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2010-06-07-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"name": "40105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40105"}, {"name": "ADV-2010-1373", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"name": "oval:org.mitre.oval:def:7143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"name": "40620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40620"}, {"name": "1024067", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024067"}, {"name": "http://support.apple.com/kb/HT4196", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4196"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-1750", "datePublished": "2010-06-11T17:28:00", "dateReserved": "2010-05-06T00:00:00", "dateUpdated": "2017-09-18T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "517AC59C-3071-4D4E-B370-DD6F3D73E0BD", "versionEndIncluding": "4.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "73E9C17F-C99E-4ABB-B312-31F87BC0C0E8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}, {"lang": "es", "value": "Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Windows permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n o causar una denegaci\u00f3n de servicio (fallo de la aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con la inadecuada gesti\u00f3n de ventanas."}], "id": "CVE-2010-1750", "lastModified": "2017-09-19T01:30:47.907", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-06-11T18:00:53.833", "references": [{"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40105"}, {"source": "product-security@apple.com", "url": "http://securitytracker.com/id?1024067"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT4196"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/40620"}, {"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"source": "product-security@apple.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}