CVE-2010-0047 – Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content." Vulnerabilidad uso después de la liberación (use-after-free) en el WebKit en Apple Safari anterior v4.0.5 permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de vectores relacionados con "HTML object element fallback content." This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the WebCore's HTMLObjectElement::renderFallBackContent() method. By rewriting an HTML element via the document's innerHTML() method a memory corruption occurs resulting from a call-after-free. • http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041383.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041432.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041436.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/41856 http://secu • CWE-399: Resource Management Errors •
CVE-2010-0042
https://notcve.org/view.php?id=CVE-2010-0042
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image. ImageIO en Apple Safari anterior a v4.0.5 sobre Windows no se asegura de que el acceso a memoria esté asociado con la inicialización de memoria, lo que permite a atacantes remotos obtener información sensible desde los procesos de memoria a través de imágenes TIFF manipuladas. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://secunia.com/advisories/42314 http://support.apple.com/kb/HT4070 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0045
https://notcve.org/view.php?id=CVE-2010-0045
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document. Apple Safari en versiones anteriores a la v4.0.5 en Windows no valida apropiadamente esquemas URL externos, lo que permite, a atacantes remotos, abrir ficheros locales y ejecutar código de su elección a través de un documento HTML modificado. • http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://support.apple.com/kb/HT4070 http://www.securityfocus.com/bid/38671 http://www.securitytracker.com/id?1023706 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6817 • CWE-20: Improper Input Validation •
CVE-2010-0041
https://notcve.org/view.php?id=CVE-2010-0041
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image. ImageIO de Apple Safari en versiones anteriores a la v4.0.5 en Windows no valida que el acceso a memoria esté asociado a la memoria inicializada, lo que permite, a atacantes remotos, obtener información confidencial de los procesos en memoria a través de una imagen BMP. • http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.apple.com/archives/security-announce/2010//Mar/msg00003.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://secunia.com/advisories/39135 http://support.apple.com/kb/HT4070 http://support.apple.com/kb/HT4077 http://support.apple.com/kb/HT4105 http://support.apple.com/kb/HT4225 http: • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2010-0044
https://notcve.org/view.php?id=CVE-2010-0044
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed. PubSub en Apple Safari anterior a v 4.0.5 no implementa adecuadamente las preferencias de uso para aceptar y rechazar cookies, lo que facilita a servidores web remotos seguir las preferencias de usuario (tracking) estableciendo una cookie en un (1) RSS o (2) Atom feed. • http://lists.apple.com/archives/security-announce/2010/Mar/msg00000.html http://osvdb.org/62937 http://support.apple.com/kb/HT4070 http://www.securityfocus.com/bid/38671 http://www.securityfocus.com/bid/38675 https://exchange.xforce.ibmcloud.com/vulnerabilities/56830 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7051 • CWE-16: Configuration •