HTTP: Apple Safari HTML Image Element Handling Use After Free Vulnerability
A memory corruption vulnerability exists in Apple Safari. The vulnerability is due to a user-after-free error when handling HTML image element. Remote attackers can exploit this vulnerability to execute arbitrary code on the target machine by enticing a user into opening a specially crafted HTML document. In attack scenarios where code execution is successful the behavior of the target machine would depend entirely on the intention of the injected code, which would run within the security context of the logged on user. In situations where code execution is not successful, the vulnerable application may terminate abnormally.
Extended Description
WebKit is prone to a remote memory-corruption vulnerability; fixes are available. Successful exploits may allow the attacker to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. This issue was previously documented in BID 38671 (Apple Safari Prior to 4.0.5 Multiple Security Vulnerabilities) but has been given its own record to better document it.
Affected Products
Apple ipod_touch,Red_hat fedora
Short Name
HTTP:STC:SAFARI:IMG-USE-FREE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
After Apple CVE-2010-0054 Element Free HTML Handling Image Safari Use Vulnerability bid:38691
Release Date
10/19/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Red_hat
Mandriva
Webkit_open_source_project
Apple
Ubuntu
CVSS Score
9.3