← Back

CVE-2010-1770

nvd nist
Published: Jun 11, 2010Modified: Apr 29, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Apple Safari before 4.1 on Mac OS X 10.4, and Google Chrome before 5.0.375.70 does not properly handle a transformation of a text node that has the IBM1147 character set, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document containing a BR element, related to a "type checking issue."

Affected (13)

Products: Apple: Safari, Webkit · Google: Chrome · Canonical: Ubuntu Linux · +2 more
Show all products
Apple: Safari, Webkit · Google: Chrome · Canonical: Ubuntu Linux · Opensuse: Opensuse · Suse: Suse Linux Enterprise Desktop, Suse Linux Enterprise Server
Apple
2 products
Safari
Webkit
Google
1 product
Chrome
Canonical
1 product
Ubuntu Linux
Opensuse
1 product
Opensuse
Suse
2 products
Suse Linux Enterprise Desktop
Suse Linux Enterprise Server
Configuration A
32 platform
Running on/withPlatform Versions
Apple
Mac Os X
Version 10.5.0
Apple
Mac Os X
Version 10.5.1
Apple
Mac Os X
Version 10.5.2
Apple
Mac Os X
Version 10.5.3
Apple
Mac Os X
Version 10.5.4
Apple
Mac Os X
Version 10.5.5
Apple
Mac Os X
Version 10.5.6
Apple
Mac Os X
Version 10.5.7
Apple
Mac Os X
Version 10.5.8
Apple
Mac Os X
Version 10.5
Apple
Mac Os X
Version 10.6.0
Apple
Mac Os X
Version 10.6.1
Apple
Mac Os X
Version 10.6.2
Apple
Mac Os X
Version 10.6.3
Apple
Mac Os X Server
Version 10.5.0
Apple
Mac Os X Server
Version 10.5.1
Apple
Mac Os X Server
Version 10.5.2
Apple
Mac Os X Server
Version 10.5.3
Apple
Mac Os X Server
Version 10.5.4
Apple
Mac Os X Server
Version 10.5.5
Apple
Mac Os X Server
Version 10.5.6
Apple
Mac Os X Server
Version 10.5.7
Apple
Mac Os X Server
Version 10.5.8
Apple
Mac Os X Server
Version 10.5
Apple
Mac Os X Server
Version 10.6.0
Apple
Mac Os X Server
Version 10.6.1
Apple
Mac Os X Server
Version 10.6.2
Apple
Mac Os X Server
Version 10.6.3
Microsoft
Windows 7
All versions
Microsoft
Windows Vista
All versions
Microsoft
Windows Xp
All versions
Microsoft
Windows Xp
All versions
Configuration B
2 vulnerable · 26 platform
Vulnerable SoftwareAffected Versions
Safari
Up to 4.0.5
Webkit
All versions
Running on/withPlatform Versions
Apple
Mac Os X
Version 10.4.0
Apple
Mac Os X
Version 10.4.10
Apple
Mac Os X
Version 10.4.11
Apple
Mac Os X
Version 10.4.1
Apple
Mac Os X
Version 10.4.2
Apple
Mac Os X
Version 10.4.3
Apple
Mac Os X
Version 10.4.4
Apple
Mac Os X
Version 10.4.5
Apple
Mac Os X
Version 10.4.6
Apple
Mac Os X
Version 10.4.7
Apple
Mac Os X
Version 10.4.8
Apple
Mac Os X
Version 10.4.9
Apple
Mac Os X
Version 10.4
Apple
Mac Os X Server
Version 10.4.0
Apple
Mac Os X Server
Version 10.4.10
Apple
Mac Os X Server
Version 10.4.11
Apple
Mac Os X Server
Version 10.4.1
Apple
Mac Os X Server
Version 10.4.2
Apple
Mac Os X Server
Version 10.4.3
Apple
Mac Os X Server
Version 10.4.4
Apple
Mac Os X Server
Version 10.4.5
Apple
Mac Os X Server
Version 10.4.6
Apple
Mac Os X Server
Version 10.4.7
Apple
Mac Os X Server
Version 10.4.8
Apple
Mac Os X Server
Version 10.4.9
Apple
Mac Os X Server
Version 10.4
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Chrome
Before 5.0.375.70
Configuration D
10 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 10.04.4
Ubuntu Linux
Version 10.04
Ubuntu Linux
Version 10.10
Ubuntu Linux
Version 9.10
Opensuse
Opensuse
Version 11.2
Opensuse
Version 11.3
Suse
Suse Linux Enterprise Desktop
Version 10 sp3
Suse Linux Enterprise Desktop
Version 11 sp1
Suse
Suse Linux Enterprise Server
Version 10 sp3
Suse Linux Enterprise Server
Version 11 sp1

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (56)

Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListVendor Advisory
Source: product-security@apple.com
Mailing ListPatchVendor Advisory
Source: product-security@apple.com
Mailing ListThird Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Vendor Advisory
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
PatchThird Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party Advisory
Source: product-security@apple.com
Permissions RequiredThird Party Advisory
Source: product-security@apple.com
Permissions RequiredThird Party Advisory
Source: product-security@apple.com
Permissions RequiredThird Party Advisory
Source: product-security@apple.com
Permissions RequiredThird Party Advisory
Source: product-security@apple.com
Permissions RequiredThird Party Advisory
Source: product-security@apple.com
Third Party AdvisoryVDB Entry
Source: product-security@apple.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions RequiredThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.