Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1807 — Improper Input Validation in Google Android

CWE-20 — Improper Input Validation8 documents6 sources

Severity

9.3CRITICALNVD

EPSS

78.6%

top 0.95%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Google Android Webkitgtk Apple Safari

Timeline

PublishedSep 10

Latest updateMay 17

Description

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

▶NVDwebkitgtk/webkitgtk1.2.5+5

▶NVDapple/safari11 versions+10

▶NVDgoogle/android2.1+5

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-qhcv-5g2q-vm4c: WebKit in Apple Safari 4↗2022-05-17

▶

VulnCheck

Apple safari Improper Input Validation↗2010

▶

💥Exploits & PoCs

Exploit-DB

Google Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit↗2010-11-15

▶

Exploit-DB

Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)↗2010-11-05

▶

📋Vendor Advisories

Red Hat

webkit: input validation error when parsing certain NaN values↗2010-09-07

▶

💬Community

Bugzilla

CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]↗2010-10-05

▶

Bugzilla

CVE-2010-1807 webkit: input validation error when parsing certain NaN values↗2010-08-26

▶