CVE-2010-0049
Apple WebKit RTL LineBox Overflow Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
Vulnerabilidad de uso después de liberacion en WebKit de Apple Safari en versiones anteriores a la v4.0.5 permite a usuarios remotos ejecutar comandos de su elección o provocar una denegación de servicio (caida de la aplicación) a través de elementos HTML con direccionalidad de texto de derecha a izquierda (RTL).
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists due to the method by which the Webkit library renders right-to-left text. If a linebox has a width greater than it's container, Webkit frees an object that upon page destruction is freed again. An attacker can exploit this to code execute remote code under the context of the application.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-15 CVE Reserved
- 2010-03-11 First Exploit
- 2010-03-12 CVE Published
- 2024-08-07 CVE Updated
- 2025-01-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-399: Resource Management Errors
CAPEC
References (21)
| URL | Tag | Source |
|---|---|---|
| http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=863 | Third Party Advisory | |
| http://osvdb.org/62942 | Vdb Entry | |
| http://secunia.com/advisories/41856 | Third Party Advisory | |
| http://secunia.com/advisories/43068 | Third Party Advisory | |
| http://support.apple.com/kb/HT4225 | X_refsource_confirm |
|
| http://www.securitytracker.com/id?1023708 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/2722 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0212 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0552 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6810 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33752 | 2010-03-11 |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/38671 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | <= 4.0.4 Search vendor "Apple" for product "Safari" and version " <= 4.0.4" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0 Search vendor "Apple" for product "Safari" and version "4.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0 Search vendor "Apple" for product "Safari" and version "4.0" | beta |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.0b Search vendor "Apple" for product "Safari" and version "4.0.0b" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.1 Search vendor "Apple" for product "Safari" and version "4.0.1" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.2 Search vendor "Apple" for product "Safari" and version "4.0.2" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Safari Search vendor "Apple" for product "Safari" | 4.0.3 Search vendor "Apple" for product "Safari" and version "4.0.3" | - |
Affected
| ||||||