CVE-2010-1812

Published Sep 9, 2010

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and webkitgtk before 1.2.6, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving selections.
Source: product-security@apple.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-399

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52D67004-A069-4868-9C17-C252032F4F1E",
            "versionEndExcluding": "4.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:apple:ipod_touch:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9F4CB31-584D-4810-A35C-31D5702853C9"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66B27F2F-BE67-4212-AA9A-454677D56C47",
            "versionEndExcluding": "1.2.6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:lts:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D37DF0F-F863-45AC-853A-3E04F9FEC7CA"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References