CVE-2010-1029

Sažetak

Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences.

Reference

http://www.securityfocus.com/bid/38398
http://www.exploit-db.com/exploits/11567
http://www.exploit-db.com/exploits/11574
http://secunia.com/advisories/43068
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.vupen.com/english/advisories/2011/0212
https://exchange.xforce.ibmcloud.com/vulnerabilities/56527
https://exchange.xforce.ibmcloud.com/vulnerabilities/56524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14301

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

23-05-2021 - 00:52

Objavljeno

19-03-2010 - 21:30