Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-1939 | First vendor Publication | 2010-05-13 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1939 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6748 | |||
Oval ID: | oval:org.mitre.oval:def:6748 | ||
Title: | Use-after-free vulnerability in Apple Safari 4.0.5 | ||
Description: | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-1939 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Apple Safari |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
Apple Safari parent.close() Invalid Pointer Code Execution | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-03-23 | Name : Apple Safari multiple vulnerabilities (Mar10) File : nvt/secpod_apple_safari_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64482 | Apple Safari parent.close() Function Invalid Pointer Arbitrary Code Execution: Apple Safari contains a flaw in the handling of parent windows that may allow an attacker to call the close function using an invalid pointer, resulting in code execution. The issue is triggered when a user visits a specially crafted web page and closes a spawned popup window. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple Safari window.parent.close unspecified remote code execution vulnerability RuleID : 16666 - Revision : 12 - Type : BROWSER-WEBKIT |
2014-01-10 | Apple Safari information disclosure and remote code execution attempt RuleID : 16596 - Revision : 13 - Type : BROWSER-WEBKIT |
Sources (Detail)
Alert History
Date | Information |
---|---|
2024-11-28 23:08:34 | |
2024-11-28 12:22:00 | |
2020-05-23 00:25:51 | |
2017-09-19 09:23:48 | |
2016-06-28 18:11:25 | |
2016-04-26 19:49:51 | |
2014-01-19 21:26:53 | |
2013-05-10 23:25:19 | |