Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2010-1939 | First vendor Publication | 2010-05-13 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1939 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:6748 | |||
| Oval ID: | oval:org.mitre.oval:def:6748 | ||
| Title: | Use-after-free vulnerability in Apple Safari 4.0.5 | ||
| Description: | Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2010-1939 | Version: | 7 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 | Product(s): | Apple Safari |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| Apple Safari parent.close() Invalid Pointer Code Execution | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-03-23 | Name : Apple Saferi multiple vulnerabilities (Mar10) File : nvt/secpod_apple_safari_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 64482 | Apple Safari parent.close() Function Invalid Pointer Arbitrary Code Execution Apple safari contains a flaw in the handling of parent windows that may allow an attacker to to call the close function using an invald pointer resulting in code execution. The issue is triggered when a user visits a specially crafted web pages and closes a spawned popup window. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Apple Safari window.parent.close unspecified remote code execution vulnerability RuleID : 16666 - Revision : 12 - Type : BROWSER-WEBKIT |
| 2014-01-10 | Apple Safari information disclosure and remote code execution attempt RuleID : 16596 - Revision : 13 - Type : BROWSER-WEBKIT |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:08:34 |
|
| 2024-11-28 12:22:00 |
|
| 2020-05-23 00:25:51 |
|
| 2017-09-19 09:23:48 |
|
| 2016-06-28 18:11:25 |
|
| 2016-04-26 19:49:51 |
|
| 2014-01-19 21:26:53 |
|
| 2013-05-10 23:25:19 |
|
