Published: 15/03/2010 Updated: 21/11/2024

Use-After-Free in WebKit Enables Remote Code Execution in Safari

A use-after-free vulnerability exists in WebKit for Apple Safari versions before 4.0.5. This flaw enables remote attackers to run arbitrary code or cause a denial of service by crashing the application. The issue is linked to "HTML object element fallback content."

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari
apple safari 4.0
apple safari 4.0.0b
apple safari 4.0.1
apple safari 4.0.2
apple safari 4.0.3

Debian Bug report logs - #574064 webkit: CVE-2010-0046 through CVE-2010-0054 (multiple vulnerabilities) Package: src:webkit; Maintainer for src:webkit is (unknown); Reported by: Michael Gilbert <michaelsgilbert@gmailcom> Date: Tue, 16 Mar 2010 02:30:01 UTC Severity: grave Tags: security Found in version webkit/101-4 ...

CWE-399 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574064 https://www.first.org/epss http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4225 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securityfocus.com/bid/38671 http://www.securitytracker.com/id?1023708 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6882 http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secunia.com/advisories/43068 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4225 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.securityfocus.com/bid/38671 http://www.securitytracker.com/id?1023708 http://www.ubuntu.com/usn/USN-1006-1 http://www.vupen.com/english/advisories/2010/2722 http://www.vupen.com/english/advisories/2011/0212 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6882

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-0047

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect