CVE-2010-1387

Published: Jun 18, 2010Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Use-after-free vulnerability in JavaScriptCore in WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 on the iPhone and iPod touch, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page transitions, a different vulnerability than CVE-2010-1763 and CVE-2010-1769.

Affected (82)

Products: Apple: Itunes, Iphone Os

2 products

Configuration A

58 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Apple Itunes	Up to 9.0.3
Apple Itunes	Version 4.0.0
Apple Itunes	Version 4.0.1
Apple Itunes	Version 4.1.0
Apple Itunes	Version 4.2.0
Apple Itunes	Version 4.5.0
Apple Itunes	Version 4.5
Apple Itunes	Version 4.6.0
Apple Itunes	Version 4.6
Apple Itunes	Version 4.7.0
Apple Itunes	Version 4.7.1
Apple Itunes	Version 4.7.2
Apple Itunes	Version 4.7
Apple Itunes	Version 4.8.0
Apple Itunes	Version 4.9.0
Apple Itunes	Version 5.0.0
Apple Itunes	Version 5.0.1
Apple Itunes	Version 5.0
Apple Itunes	Version 6.0.0
Apple Itunes	Version 6.0.1
Apple Itunes	Version 6.0.2
Apple Itunes	Version 6.0.3
Apple Itunes	Version 6.0.4.2
Apple Itunes	Version 6.0.4
Apple Itunes	Version 6.0.5
Apple Itunes	Version 7.0.0
Apple Itunes	Version 7.0.1
Apple Itunes	Version 7.0.2
Apple Itunes	Version 7.1.0
Apple Itunes	Version 7.1.1
Apple Itunes	Version 7.2.0
Apple Itunes	Version 7.3.0
Apple Itunes	Version 7.3.1
Apple Itunes	Version 7.3.2
Apple Itunes	Version 7.4.0
Apple Itunes	Version 7.4.1
Apple Itunes	Version 7.4.2
Apple Itunes	Version 7.4.3
Apple Itunes	Version 7.4
Apple Itunes	Version 7.5.0
Apple Itunes	Version 7.5
Apple Itunes	Version 7.6.0
Apple Itunes	Version 7.6.1
Apple Itunes	Version 7.6.2
Apple Itunes	Version 7.6
Apple Itunes	Version 7.7.0
Apple Itunes	Version 7.7.1
Apple Itunes	Version 7.7
Apple Itunes	Version 8.0.0
Apple Itunes	Version 8.0.1
Apple Itunes	Version 8.0.2
Apple Itunes	Version 8.1.1
Apple Itunes	Version 8.1
Apple Itunes	Version 8.2.1
Apple Itunes	Version 8.2
Apple Itunes	Version 9.0.0
Apple Itunes	Version 9.0.1
Apple Itunes	Version 9.0.2

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

24 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Apple Iphone Os	Up to 3.2.1
Apple Iphone Os	Version 1.0.0
Apple Iphone Os	Version 1.0.1
Apple Iphone Os	Version 1.0.2
Apple Iphone Os	Version 1.1.0
Apple Iphone Os	Version 1.1.1
Apple Iphone Os	Version 1.1.2
Apple Iphone Os	Version 1.1.3
Apple Iphone Os	Version 1.1.4
Apple Iphone Os	Version 1.1.5
Apple Iphone Os	Version 2.0.0
Apple Iphone Os	Version 2.0.1
Apple Iphone Os	Version 2.0.2
Apple Iphone Os	Version 2.0
Apple Iphone Os	Version 2.1.1
Apple Iphone Os	Version 2.1
Apple Iphone Os	Version 2.2.1
Apple Iphone Os	Version 2.2
Apple Iphone Os	Version 3.0.1
Apple Iphone Os	Version 3.0
Apple Iphone Os	Version 3.1.2
Apple Iphone Os	Version 3.1.3
Apple Iphone Os	Version 3.1
Apple Iphone Os	Version 3.2

Running on/with	Platform Versions
Apple Iphone Os	All versions
Apple Ipod Touch	All versions

Related CWEs

References (42)

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: product-security@apple.com

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: product-security@apple.com

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: product-security@apple.com

http://secunia.com/advisories/40196

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/41856

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/42314

Source: product-security@apple.com

Vendor Advisory

http://secunia.com/advisories/43068

Source: product-security@apple.com

Vendor Advisory

http://securitytracker.com/id?1024108

Source: product-security@apple.com

http://support.apple.com/kb/HT4220

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4225

Source: product-security@apple.com

Vendor Advisory

http://support.apple.com/kb/HT4456

Source: product-security@apple.com

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: product-security@apple.com

http://www.securityfocus.com/bid/41016

Source: product-security@apple.com

http://www.ubuntu.com/usn/USN-1006-1

Source: product-security@apple.com

http://www.vupen.com/english/advisories/2010/1512

Source: product-security@apple.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: product-security@apple.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: product-security@apple.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0552

Source: product-security@apple.com

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/59506

Source: product-security@apple.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061

Source: product-security@apple.com

http://lists.apple.com/archives/security-announce/2010//Jun/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/40196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/41856

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42314

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/43068

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1024108

Source: af854a3a-2127-422b-91ae-364da2661108

http://support.apple.com/kb/HT4220

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4225

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://support.apple.com/kb/HT4456

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2011:039

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/41016

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-1006-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1512

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/2722

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0212

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0552

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/59506

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7061

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.