Computer Security
[EN] securityvulns.ru



WebKit / Apple Safari / Google Chrome multiple security vulnerabilities
updated since 15.03.2010
Published: 17.03.2010
Source: BUGTRAQ
SecurityVulns ID: 10692
Type: library
Level: 7/10
Description: Use-after-free, integer overflow, clickjacking.
Affected: APPLE : Safari 4.0
 GOOGLE : Chrome 3.0
CVE: CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.)
 CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.)
Original document: ZDI, ZDI-10-030: Apple WebKit CSS run-in Attribute Rendering Remote Code Execution Vulnerability (17.03.2010)
 ZDI, ZDI-10-031: Apple Webkit Blink Event Dangling Pointer Remote Code Execution Vulnerability (17.03.2010)
 Michal Zalewski, ...because you can't get enough of clickjacking (16.03.2010)
 ZDI, ZDI-10-029: Apple WebKit innerHTML element Substitution Remote Code Execution Vulnerability (16.03.2010)
 VUPEN Security Research, VUPEN Security Research - Apple Safari ColorSync Profile Integer Overflow Vulnerability (15.03.2010)
 IDEFENSE, iDefense Security Advisory 03.11.10: Multiple Vendor WebKit HTML Element Use After Free Vulnerability (15.03.2010)
Files: Browsers focus hijack demonstration
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


