PT-2010-5096 · Microsoft+3 · Windows+4
Huzaifa S. Sidhpurwala
·
Publicado
2010-11-20
·
Atualizado
2017-09-19
·
CVE-2010-3812
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Apple Safari versions prior to 5.0.3 on Mac OS X 10.5 through 10.6 and Windows
Apple Safari versions prior to 4.1.3 on Mac OS X 10.4
webkitgtk versions prior to 1.2.6
Description
The issue is related to an integer overflow in the Text::wholeText method in WebKit, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service, resulting in an application crash. This can be achieved via vectors involving Text objects.
Recommendations
For Apple Safari versions prior to 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, update to version 5.0.3 or later.
For Apple Safari versions prior to 4.1.3 on Mac OS X 10.4, update to version 4.1.3 or later.
For webkitgtk versions prior to 1.2.6, update to version 1.2.6 or later.
Correção
RCE
DoS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Macos X
Red Hat
Safari
Windows
Webkitgtk