CVE-2010-1415Code Injection in Apple Safari

CWE-94Code Injection5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
31.8%
top 3.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Safari
Timeline
PublishedJun 11
Latest updateMay 2

Description

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDapple/safari4.0.5+6

Patches

Patch: lists.apple.comPatch: www.securityfocus.comPatch: www.vupen.com

🔴Vulnerability Details

1
GHSA
GHSA-wj8w-xpfm-jprq: WebKit in Apple Safari before 52022-05-02

💥Exploits & PoCs

1
Exploit-DB
GlobalScape Secure FTP Server - Input Overflow (Metasploit)2010-10-05

📋Vendor Advisories

1
Red Hat
WebKit: API abuse vulnerability in handling of libxml contexts2010-06-07

💬Community

1
Bugzilla
CVE-2010-1415 WebKit: API abuse vulnerability in handling of libxml contexts2010-05-26