// For flags

CVE-2010-1807

Google Android 2.0 < 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222/TCP)

Severity Score

9.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

WebKit en Apple Safari v4.x anteriores a v4.1.2 y v5.x anteriores a v5.0.2 no valida de forma adecuada los datos con punto flotante, lo que permite a atacantes remotos ejecutar código o provocar una denegación de servicio (caída de la aplicación) a través de un documento HTML manipulado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2010-05-06 CVE Reserved
  • 2010-09-10 CVE Published
  • 2010-11-05 First Exploit
  • 2023-05-01 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (25)
URL Tag Source
http://secunia.com/advisories/42314 Third Party Advisory
http://support.apple.com/kb/HT4456 X_refsource_confirm
http://trac.webkit.org/changeset/64706 X_refsource_confirm
http://www.computerworld.com/s/article/9195058/Researcher_to_release_Web_based_Android_attack X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11964 Signature
URL Date SRC
https://www.exploit-db.com/exploits/15423 2010-11-05
https://www.exploit-db.com/exploits/15548 2010-11-15
URL Date SRC
http://www.securityfocus.com/bid/43047 2017-09-19
URL Date SRC
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html 2017-09-19
http://lists.apple.com/archives/security-announce/2010//Sep/msg00001.html 2017-09-19
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html 2017-09-19
http://secunia.com/advisories/41856 2017-09-19
http://secunia.com/advisories/43068 2017-09-19
http://secunia.com/advisories/43086 2017-09-19
http://support.apple.com/kb/HT4333 2017-09-19
http://www.mandriva.com/security/advisories?name=MDVSA-2011:039 2017-09-19
http://www.redhat.com/support/errata/RHSA-2011-0177.html 2017-09-19
http://www.ubuntu.com/usn/USN-1006-1 2017-09-19
http://www.vupen.com/english/advisories/2010/2722 2017-09-19
http://www.vupen.com/english/advisories/2010/3046 2017-09-19
http://www.vupen.com/english/advisories/2011/0212 2017-09-19
http://www.vupen.com/english/advisories/2011/0216 2017-09-19
http://www.vupen.com/english/advisories/2011/0552 2017-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=627703 2011-01-25
https://access.redhat.com/security/cve/CVE-2010-1807 2011-01-25
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0
Search vendor "Apple" for product "Safari" and version "4.0"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0
Search vendor "Apple" for product "Safari" and version "4.0"
beta
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.0b
Search vendor "Apple" for product "Safari" and version "4.0.0b"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.1
Search vendor "Apple" for product "Safari" and version "4.0.1"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.2
Search vendor "Apple" for product "Safari" and version "4.0.2"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.3
Search vendor "Apple" for product "Safari" and version "4.0.3"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.4
Search vendor "Apple" for product "Safari" and version "4.0.4"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.0.5
Search vendor "Apple" for product "Safari" and version "4.0.5"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.1
Search vendor "Apple" for product "Safari" and version "4.1"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 4.1.1
Search vendor "Apple" for product "Safari" and version "4.1.1"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 5.0
Search vendor "Apple" for product "Safari" and version "5.0"
-
Affected
Apple
Search vendor "Apple"
 Safari
Search vendor "Apple" for product "Safari"
 5.0.1
Search vendor "Apple" for product "Safari" and version "5.0.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 <= 2.1
Search vendor "Google" for product "Android" and version " <= 2.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 1.0
Search vendor "Google" for product "Android" and version "1.0"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 1.1
Search vendor "Google" for product "Android" and version "1.1"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 1.5
Search vendor "Google" for product "Android" and version "1.5"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 1.6
Search vendor "Google" for product "Android" and version "1.6"
-
Affected
Google
Search vendor "Google"
 Android
Search vendor "Google" for product "Android"
 2.0
Search vendor "Google" for product "Android" and version "2.0"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 <= 1.2.5
Search vendor "Webkitgtk" for product "Webkitgtk" and version " <= 1.2.5"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 1.2.0
Search vendor "Webkitgtk" for product "Webkitgtk" and version "1.2.0"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 1.2.1
Search vendor "Webkitgtk" for product "Webkitgtk" and version "1.2.1"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 1.2.2
Search vendor "Webkitgtk" for product "Webkitgtk" and version "1.2.2"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 1.2.3
Search vendor "Webkitgtk" for product "Webkitgtk" and version "1.2.3"
-
Affected
Webkitgtk
Search vendor "Webkitgtk"
 Webkitgtk
Search vendor "Webkitgtk" for product "Webkitgtk"
 1.2.4
Search vendor "Webkitgtk" for product "Webkitgtk" and version "1.2.4"
-
Affected