CVE-2010-1119: Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on…

critical10CVSS 3.1

AVNACLAuNCCICAC

EXPLOIT

Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.

Affected

95 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	iphone_os	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x	—	—
apple	mac_os_x_server	—	—