CVE-2010-1823

Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://code.google.com/p/chromium/issues/detail?id=50250	Issue Tracking Patch Vendor Advisory
http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html	Vendor Advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html	Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	Mailing List Third Party Advisory
http://secunia.com/advisories/43068	Third Party Advisory
http://support.apple.com/kb/HT4808	Third Party Advisory
http://support.apple.com/kb/HT4981	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212	Third Party Advisory
https://bugs.webkit.org/show_bug.cgi?id=43055	Permissions Required
https://bugs.webkit.org/show_bug.cgi?id=44533	Issue Tracking Patch Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:apple:itunes::::::::
	cpe:2.3:a:apple:safari::::::::

History

No history.

Information

Published : 2010-09-24 19:00

Updated : 2020-07-31 19:20

NVD link : CVE-2010-1823

Mitre link : CVE-2010-1823

CVE.ORG link : CVE-2010-1823

JSON object : View

Products Affected

apple

safari
itunes

google

chrome

CWE

CWE-416

Use After Free

{"id": "CVE-2010-1823", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-09-24T19:00:04.357", "references": [{"url": "http://code.google.com/p/chromium/issues/detail?id=50250", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://googlechromereleases.blogspot.com/2010/09/stable-beta-channel-updates_14.html", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.apple.com/archives/security-announce/2011//Jul/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://secunia.com/advisories/43068", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4808", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://support.apple.com/kb/HT4981", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0212", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=43055", "tags": ["Permissions Required"], "source": "product-security@apple.com"}, {"url": "https://bugs.webkit.org/show_bug.cgi?id=44533", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "product-security@apple.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7405", "tags": ["Third Party Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in WebKit before r65958, as used in Google Chrome before 6.0.472.59, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger use of document APIs such as document.close during parsing, as demonstrated by a Cascading Style Sheets (CSS) file referencing an invalid SVG font, aka rdar problem 8442098."}, {"lang": "es", "value": "Vulnerabilidad de usar despu\u00e9s de liberar en WebKit en versiones anteriores a la vr65958, como se utiliza en Google Chrome en versiones anteriores a la v6.0.472.59, permite a atacantes remotos provocar una denegaci\u00f3n de servicio y posiblemente provocar otros da\u00f1os a trav\u00e9s de vectores de ataque que provocan el uso de las APIs document tal como document.close durante el parseo, como se ha demostrado por un fichero de hojas de estilo en cascada (CSS) referenciando un \"font\" SVG, tambi\u00e9n conocido como problema rdar 8442098."}], "lastModified": "2020-07-31T19:20:46.327", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "083D2BC1-C013-4B03-B295-F8131B5AB162", "versionEndExcluding": "6.0.472.59"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFDEF0C6-55A8-4240-AFFC-D3FC70F82F1D", "versionEndExcluding": "10.5"}, {"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA42DFF0-41FC-4ADA-8F10-F18B32BA66C0", "versionEndExcluding": "5.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}