Published: 10/09/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

WebKit in Apple Safari 4.x prior to 4.1.2 and 5.x prior to 5.0.2; Android prior to 2.2; and webkitgtk prior to 1.2.6; does not properly validate floating-point data, which allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari 4.0.5
apple safari 4.1
apple safari 4.0.0b
apple safari 4.1.1
apple safari 4.0
apple safari 4.0.3
apple safari 4.0.4
apple safari 4.0.1
apple safari 4.0.2
apple safari 5.0.1
apple safari 5.0
google android
google android 1.6
google android 1.5
google android 2.0
google android 1.1
google android 1.0
webkitgtk webkitgtk 1.2.0
webkitgtk webkitgtk 1.2.2
webkitgtk webkitgtk 1.2.1
webkitgtk webkitgtk 1.2.4
webkitgtk webkitgtk 1.2.3
webkitgtk webkitgtk

Debian Bug report logs - #599830 Multiple security issues Package: webkit; Maintainer for webkit is (unknown); Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Mon, 11 Oct 2010 17:51:09 UTC Severity: grave Tags: security Fixed in version 125-1 Done: Gustavo Noronha Silva <kov@debianorg> Bug is archived N ...

# Exploit Title: Android 20/21 Use-After-Free Remote Code Execution on Webkit # Date: 14/11/2010 # Author: Itzhak Avraham, mj # Tested on: Droid 21 # CVE : CVE-2010-1807 *Better exploit (better rate and more flexible for changes, also shorter shellcode) than what you have, plus, it's also verified Enjoy! More details at : * imthezukbl ...

<html> <head> <script> // bug = webkit code execution CVE-2010-1807 cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2010-1807 // listed as a safari bug but also works on android :) //tested = moto droid 201 , moto droid 21 , emulater 20 - 21 //patched= android 22 //author = mj // hardcoded to return a shel ...

Android versions 20 and 21 reverse shell exploit that leverages a Webkit code execution vulnerability ...

Android versions 20 and 21 use-after-free remote code execution on webkit exploit ...

CWE-20 http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html http://www.securityfocus.com/bid/43047 http://support.apple.com/kb/HT4333 http://www.vupen.com/english/advisories/2010/2722 http://www.ubuntu.com/usn/USN-1006-1 http://secunia.com/advisories/41856 http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack http://support.apple.com/kb/HT4456 http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://www.vupen.com/english/advisories/2010/3046 http://secunia.com/advisories/42314 http://trac.webkit.org/changeset/64706 http://secunia.com/advisories/43068 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html https://bugzilla.redhat.com/show_bug.cgi?id=627703 http://www.vupen.com/english/advisories/2011/0212 http://www.redhat.com/support/errata/RHSA-2011-0177.html http://secunia.com/advisories/43086 http://www.vupen.com/english/advisories/2011/0216 http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 http://www.vupen.com/english/advisories/2011/0552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599830 https://nvd.nist.gov https://www.exploit-db.com/exploits/15548/

CVE-2010-1807

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect