CVE-2010-1750 - Vulnerability Details - OpenCVE

Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.05719.

Key SSVC decision points have not yet been added.

Vendors	Products
Apple	Safari
Microsoft	Windows 7 Windows Vista Windows Xp

Configuration 1 [-]

AND

OR	cpe:2.3:a:apple:safari::::::::
	cpe:2.3:a:apple:safari:4.0:::::::*
	cpe:2.3:a:apple:safari:4.0.0b:::::::*
	cpe:2.3:a:apple:safari:4.0.1:::::::*
	cpe:2.3:a:apple:safari:4.0.2:::::::*
	cpe:2.3:a:apple:safari:4.0.3:::::::*
	cpe:2.3:a:apple:safari:4.0.4:::::::*

OR	cpe:2.3:o:microsoft:windows_7::::::::
	cpe:2.3:o:microsoft:windows_vista::::::::
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html
http://secunia.com/advisories/40105
http://securitytracker.com/id?1024067
http://support.apple.com/kb/HT4196
http://www.securityfocus.com/bid/40620
http://www.vupen.com/english/advisories/2010/1373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143

History

No history.

MITRE

Status: PUBLISHED

Assigner: apple

Published: 2010-06-11T17:28:00

Updated: 2024-08-07T01:35:53.619Z

Reserved: 2010-05-06T00:00:00

Link: CVE-2010-1750

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-06-11T18:00:53.833

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1750

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T12:57:01", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"name": "APPLE-SA-2010-06-07-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"name": "40105", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40105"}, {"name": "ADV-2010-1373", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"name": "oval:org.mitre.oval:def:7143", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"name": "40620", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40620"}, {"name": "1024067", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1024067"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4196"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2010-1750", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "APPLE-SA-2010-06-07-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"name": "40105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40105"}, {"name": "ADV-2010-1373", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"name": "oval:org.mitre.oval:def:7143", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"name": "40620", "refsource": "BID", "url": "http://www.securityfocus.com/bid/40620"}, {"name": "1024067", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1024067"}, {"name": "http://support.apple.com/kb/HT4196", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4196"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:35:53.619Z"}, "title": "CVE Program Container", "references": [{"name": "APPLE-SA-2010-06-07-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"name": "40105", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40105"}, {"name": "ADV-2010-1373", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"name": "oval:org.mitre.oval:def:7143", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"name": "40620", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40620"}, {"name": "1024067", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1024067"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4196"}]}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2010-1750", "datePublished": "2010-06-11T17:28:00", "dateReserved": "2010-05-06T00:00:00", "dateUpdated": "2024-08-07T01:35:53.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "matchCriteriaId": "517AC59C-3071-4D4E-B370-DD6F3D73E0BD", "versionEndIncluding": "4.0.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BDA6DB4-A0DA-43CA-AABD-10EEEEB28EAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.0b:*:*:*:*:*:*:*", "matchCriteriaId": "02EAC196-AE43-4787-9AF9-E79E2E1BBA46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2FD40E4-D4C9-492E-8432-ABC9BD2C7E67", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "36EA71E0-63F7-46FF-AF11-792741F27628", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "80E36485-565D-4FAA-A6AD-57DF42D47462", "vulnerable": true}, {"criteria": "cpe:2.3:a:apple:safari:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "73E9C17F-C99E-4ABB-B312-31F87BC0C0E8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "matchCriteriaId": "D56B932B-9593-44E2-B610-E4EB2143EB21", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "matchCriteriaId": "3852BB02-47A1-40B3-8E32-8D8891A53114", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in Apple Safari before 5.0 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to improper window management."}, {"lang": "es", "value": "Vulnerabilidad de uso despues de liberacion en WebKit de Apple Safari anterior a v5.0 en Windows permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n o causar una denegaci\u00f3n de servicio (fallo de la aplicaci\u00f3n) a trav\u00e9s de vectores relacionados con la inadecuada gesti\u00f3n de ventanas."}], "id": "CVE-2010-1750", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-06-11T18:00:53.833", "references": [{"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40105"}, {"source": "product-security@apple.com", "url": "http://securitytracker.com/id?1024067"}, {"source": "product-security@apple.com", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT4196"}, {"source": "product-security@apple.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/40620"}, {"source": "product-security@apple.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"source": "product-security@apple.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1024067"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://support.apple.com/kb/HT4196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/40620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7143"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-399"}], "source": "nvd@nist.gov", "type": "Primary"}]}